PSD2 and Strong Customer Authentication (SCA)

The Strong Customer Authentication (SCA) elements of the European Union's (EU) Revised Payment Services Directive (PSD2) are designed to reduce fraud.

This directive requires issuers and acquirers to use authentication. Authentication validates a card holder’s identity before he or she pays.

These regulations apply from the 14th of September 2019 for issuers and acquirers in the European Union (EU) and European Economic Area (EEA).

The regulations state that cardholders must make a chip and PIN transaction each time they reach a cumulative contactless spend of €150 (or local currency equivalent). Cardholders must also make a chip and PIN transaction when they complete five consecutive contactless transactions since they were last authenticated.

The card schemes’ authorisation systems return new response codes when cardholders pass these limits.

IPC understands these new response codes, and so automatically demands a chip and PIN or swipe transaction when the regulations demand. This means the payment terminal automatically prompts cardholders for a chip and PIN/swipe transaction when needed. This payment terminal and IPC action is completely automatic; merchants do not have to take any action.

Note: For SCA to work, the payment terminal must be up-to-date. See the table below.

Minimum firmware version for SCA

Serial NumberPayment terminal nameMinimum firmware version required for SCA
1VeriFone P400VIPA 6.6.1.10