Secure Customer Authentication (SCA) – 3DS 2.0


What’s this all about?

It came about because of PSD2.

From September 2019, all electronic payment transactions will need to be authenticated by at least two of the following three methods:

  • Knowledge: something only the user knows, such as a password
  • Possession: something only the user possesses, such as a token or mobile phone
  • Inherence: something the user is, such as a biometric (e.g. fingerprint recognition)

Why introduce SCA?

SCA (or two-factor authentication) aims to drive down fraud; however, the challenge is implementing SCA without scaring away customers or reducing acceptance rates. Today’s consumers are used to seamless engagement and frictionless transactions, so things may change a little BUT…

Show me the Exemptions!

But, there are certain exemptions to SCA that will help maintain a frictionless payment experience:

    1. Trusted beneficiaries
      Consumers can whitelist merchants they deem trustworthy with their bank so SCA is not required.
    2. Recurring transactions
      When a consumer makes a regular payment of the same amount to the same business, SCA is only required for the first transaction.
    3. Low-value transactions
      Transactions below €30 will not require SCA.
    4. Low-risk transactions
      Lower risk transactions that have undergone real-time assessment may be processed without SCA.
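
The two-of-three rule and the four exemptions above, written out as an added Python sketch (not code from this article or from any payment provider's API). The `Payment` fields, the `series` store and the function names are assumptions for illustration, and the rules are only as detailed as the article states them.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, Iterable, Optional, Set, Tuple

CATEGORIES = {"knowledge", "possession", "inherence"}
LOW_VALUE_LIMIT_EUR = Decimal("30")  # "below €30", as stated in the article

@dataclass
class Payment:
    merchant: str
    amount_eur: Decimal
    series_id: Optional[str] = None  # hypothetical id of a recurring series
    low_risk: bool = False           # outcome of a real-time risk assessment

def exemption_for(p: Payment, trusted: Set[str],
                  series: Dict[str, Tuple[str, Decimal]]) -> Optional[str]:
    """Return the first exemption that applies, else None. `series` maps a
    series id to the (merchant, amount) fixed by its first, authenticated payment."""
    if p.merchant in trusted:
        return "trusted_beneficiary"
    # Recurring: only later payments, and only if merchant and amount are unchanged.
    if p.series_id in series and series[p.series_id] == (p.merchant, p.amount_eur):
        return "recurring"
    if p.amount_eur < LOW_VALUE_LIMIT_EUR:
        return "low_value"
    if p.low_risk:
        return "low_risk"
    return None

def sca_satisfied(factors: Iterable[Tuple[str, str]]) -> bool:
    """factors: (category, method) pairs that verified successfully.
    Two methods from the same category count as one factor."""
    seen = {cat for cat, _ in factors if cat in CATEGORIES}
    return len(seen) >= 2

def decide(p: Payment, trusted: Set[str],
           series: Dict[str, Tuple[str, Decimal]],
           factors: Iterable[Tuple[str, str]] = ()) -> str:
    reason = exemption_for(p, trusted, series)
    if reason:
        return "exempt:" + reason
    if sca_satisfied(factors):
        # First payment of a series: record it so later ones can be exempt.
        if p.series_id is not None:
            series[p.series_id] = (p.merchant, p.amount_eur)
        return "authenticated"
    return "challenge"  # no exemption and fewer than two distinct categories
```

A password plus a PIN is two methods but one category, so `sca_satisfied` rejects it; a recurring payment whose amount changes falls out of the exemption and is challenged again.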

How will SCA impact the customer journey?

The first thing to be aware of is that this move towards SCA across almost all European eCommerce traffic will certainly see a large decrease in online payment fraud. This is the driving force behind the SCA requirements and for both merchants and consumers, this can only be seen as a good thing, right?

The second thing to remember is that these changes will impact all online merchants, regardless of their vertical or industry. Working with your payment provider to ensure you’re utilising all of the exemptions you can and keeping your customer journey as frictionless as possible will be a key way that you can stay ahead of your competitors.

3DS 2.0?

A new version of the 3D Secure protocol – 3D Secure 2 – is in development by the Card Scheme group EMVCo (made up of six member organisations – American Express, Discover, JCB, Mastercard, UnionPay, and Visa).

This new version tackles many of the perceived shortcomings of the original 3D Secure solution, adding improved support for mobile and other devices, a larger range of authentication methods such as biometrics, and authentication of non-payment activities to support integration with digital wallets. Additionally, it is actively being tweaked to address the needs of the European market to meet the regulatory requirements of SCA, including support for exemption flagging and whitelisting. HURRAY!

Are you READY for SCA?
