• UK : (+44) 161 987 7632  |  US: (+01) 512 306 0030

What you need to know about PSD2 and Strong Customer Authentication (SCA)

Payment Service Directive (PSD2)

On 14th September 2019, new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2).

Here we’ll tell you what online businesses need to know about the new regulations, and how we can help. 

The new requirements, known as Strong Customer Authentication (SCA) are being put in place to reduce fraud and make online payments more secure. Once the European regulation comes into effect, online businesses will need to build additional authentication into the checkout flow. 


SCA requires authentication to use at least two of the following:

EU Regulation Requirements (PSD2)

  1. Something the customer KNOWS (e.g. password or pin)
  2. Something the customer HAS (e.g. phone)
  3. Something the customer IS (e.g. face recognition)

Strong Customer Authentication will apply to “customer-initiated” online payments. As a result, most card payments and all bank transfers will require SCA. Direct debits are considered “merchant-initiated” and therefore SCA does not apply to them.  

For online card payments, the requirements will apply to transactions where the business and the cardholder’s bank are both located in the European Economic Area (EEA), and we expect SCA to be enforced in the UK regardless of Brexit. 


Authentication 2.0

At the moment the most common way of authenticating an online card payment is through 3D Secure, a standard supported by most European cards. This authentication adds a step after checkout where the cardholder is prompted by their bank to input a one-time code sent to their phone, or do fingerprint authentication through their mobile banking app.  

3D Secure 2.0 is the upgraded authentication protocol rolling out this year, as the main method for authenticating online card payments to meet SCA. This version will provide better user experience, and reduce some of the current friction in the checkout flow. 


Exemptions for low value transactions 

Transactions below €30 are considered “low value” and may be exempt from SCA. However banks will need to request authentication if the exemption has been used five times since the cardholder’s last successful authentication, or if the sum of previously exempt payments exceeded €100. Therefore the cardholder’s bank will need to track the number of times the exemption has been used and decide whether authentication is necessary.

While there will be various exemptions, a bank may choose to decline them and request SCA anyway, therefore quick authentication will prove essential for customer experience and conversion rates. 


Hello Soda’s here to help

The good news is, we can help. Businesses are required to authenticate using two of the following:

  1. Something the customer KNOWS (e.g. password) Enabled through Profile iD
  2. Something the customer HAS (e.g. phone)
  3. Something the customer IS (e.g. face recognition) Enabled through BioMatch

We enable SCA compliance with our market-leading solutions. We offer BioMatch facial recognition, which is an essential part of the SCA process, and we offer ProfileiD, which allows users to authenticate their identity using credentials and passwords. Using our solutions also means an electronic audit trail, which assists regulatory compliance. 

Our suite of solutions have been built to the highest technical standards and create a smoother customer journey. This means less friction, and also means less customer drop off, which SCA is expected to create a great deal of. Therefore our products will help companies comply, and also increase conversions dramatically when this new step is added to the customer journey. 


We’ll get you SCA ready in less than a week

SCA requirements begin on September 14th, so with that date just around the corner you’ll be glad to know that we can set you up with the product solution that best suits your business in less than a week, and in some cases within 24 hours.

Just book a demo and we’ll talk you through how we can get your business ready for the big change.

Content Download

To download this document, or any of our Use Cases and brochures please enter your email address below
Download PDF

Product Overview

To download this product overview please enter your email address below
Download PDF
Whitepaper - Insights into consumer attitudes towards the use of social data for identity verification.