Strong Customer Authentication (SCA)

Learn everything you need to know about SCA for your online business in this guide.

Decrease fraud and increase your conversion by implementing SCA for your online creditcard payments. As owner of a business with an online presence, you need to configure your online payments to make sure your customers can experience a safe and convenient payment process.

Safe & Secure

Make payments for your customers safe and secure, without compromising on customer convenience. The coming months online payments by card will increasingly receive a message that the payment has been rejected, unless the customer is authenticated using SCA.

At CCV we have adjusted API to ensure the proper information can be forwarded to the cardholder’s bank to perform SCA. Our API already ensured the possibility to authenticate with 3-D Secure, however with these changes we ensure that we comply with the PSD2 regulations and deadlines.

Implementing SCA offers benefits for your business such as:

  • Your customers can do a transaction without additional authentication.
  • You will contribute to a safe payment landscape and decrease fraud.

PSD2, SCA and 3DS2

Authentication is key

What is it and what is the function of it? 

Strong Customer Authentication (SCA) is the Card Scheme’s interpretation of the PSD2 regulations. With SCA your customers may be asked to confirm their identity, by providing two out of the three following methods:

  1. Something the customer has (password, code)
  2. Something the customer knows (token, smartphone)
  3. Something the customer is (fingerprint, face recognition)

This is also known as two-factor authentication and confirms that the transaction is legitimate.

EMV 3DSecure (EMV 3DS) is a technology created by the major card schemes that can be used to facilitate Strong Customer Authentication for online card payments. This new version of 3DS makes it possible for your customers to perform a payment without an extra authentication. Download the guide and read more about the different versions and possible exemptions. 

Online authentication changes

As online shopping becomes common, the landscape will continue to evolve to keep shoppers safe.

Strong Customer Authentication (SCA) is required where a payment service user (customer) initiates an electronic payment transaction.

The European Banking Authority (EBA) allowed for regulatory flexibility on enforcement until 31 December 2020. All issuers, acquirers, gateways, payment service providers and merchants must be ready to support SCA from that deadline.

To remain compliant and to avoid consumers experiencing declined e-commerce transactions, you need to take steps to minimize the negative impacts of these changing regulations on your business.

FAQ

  • What should I do as a business with an online presence?

    Are you a customer of CCV? Get in touch with us via onlinepayments@ccv.eu or for any technical questions about our API via psp-support@ccvlab.eu.

    If you are a new CCV customer, you can get in touch with one of our local offices.

    Get in contact with one of our colleagues to make sure your payment solution is configured correctly to comply with this regulation. We will inform and help you with the actions you need to take in order to prepare and meet the agreed timeline.

    We will guide you through the steps:

    1. Which version of 3DSecure to use (the technology which enables SCA) and what the new version of 3DS means to your business;
    2. Which exemptions you might be able to use to encourage a better customer experience and how to use these;
    3. Which changes will apply for you for the interface to start the payment process. Please note that this interface may need more parameters than in your current interface;
    4. Dates and windows for testing your checkout process and website;
    5. Date for go-live.

    We encourage you as a merchant to make plans as soon as possible, due to the amount of changes that may be required. This could have a negative impact if no action is taken.

  • I have a CCV Shop webshop, what should I do?

    In this case, there is no action needed from your side. From December 31st, 2020 CCV will ensure that SCA will be enforced on transactions through your existing CCV Shop software. Your customers will be asked to provide more customer details to promote a frictionless payment experience.

  • I have a webshop, other than CCV Shop webshop. It already supports 3DS.

    If your webshop software platform currently supports 3DS, new information may have to be added to the transaction initiation. EMV 3DS makes it possible for your customers to realize the payment without an extra authentication.

    CCV will specify which information in the interface documentation. One extra benefit: this is one step closer to the possibility for customers to check out frictionless, meaning that no authentication by the cardholder may be required.

  • How will CCV manage exemptions?

    In the SCA there are exemptions for merchants, the type of transactions, etc. CCV is currently working on the implementation of these exemptions in our API specifications and will make these documents available as soon as possible.

Ready to find out more?

We are happy to help

Please note this information may be subject to interpretation. If you’re looking for expert help when navigating PSD2 and SCA — to remain compliant as painlessly as possible — contact us today. We make payments happen safely and securely, without compromising on customer convenience. Get in touch to learn more.