Strong Customer Authentication (SCA)
SCA is an EU regulation under the second Payment Services Directive (PSD2). The aim being to add more layers of security to online payments and reduce fraud.
When SCA applies
SCA applies to countries in the EEA (European Economic Area) and is required for certain transaction types.
|Customer Initiated Transaction (CIT)||e.g. online card payment|
|Recurring order||Applies to the first Customer Initiated Transaction (CIT) in a Merchant Initiated Transaction (MIT) series, for example:|
|Add card to account||Applies when adding new cards to an online account (e.g. add a card to Amazon/Ebay account). The |
When SCA does not apply
|Under certain conditions you can bypass the need for 3DS whilst still remaining SCA compliant|
Liability is shifted to the Exemption provider (e.g. Worldpay) instead of the issuer for this case.
|Recurring payments (after initial CIT, see||Recurring payments where the customer is not present do not require SCA|
|MOTO Payments||e.g. Telephone, In-store|
|One Leg Out||If the issuing bank or acquirer is outside the EEA (European Economic Area)|
|Corporate Payments||Virtual cards, used for things such as booking travel.|
|Whitelist (trusted Businesses)||Cardholder can whitelist a merchant to avoid future 3DS checks|