Strong Customer Authentication

The Strong Customer Authentication (SCA) elements of the Revised Payment Services Directive (PSD2) are designed to reduce fraud. This directive mandates issuers and acquirers to use authentication – validating a cardholder’s identity before they pay.

These regulations were put into effect from 14 September 2019 for issuers and acquirers in the European Union and European Economic Area (EU / EEA). The SCA regulations will require cardholders to perform a Chip and PIN transaction each time they have reached a cumulative contactless spend of €150 (or local currency equivalent) or when they complete five consecutive contactless transactions since they were last authenticated.

The card scheme's authorisation systems will return new response codes when cardholders pass these limits.

IPC versions lower than v.2.3.1 will decline the contactless transactions when SCA codes are returned by the schemes authorisation system. When this happens, the attendant should advise the card holder to complete the transactions as Chip & Pin or Swipe.

IPC2 v.2.3.1 and later versions will interpret the SCA response codes to automatically fall forward to a Chip and PIN or swipe transaction. This means that the PED would automatically prompt to Insert or Swipe the card.

Minimum firmware version for SCA:

Sr. NoPEDMin. firmware version required for SCA
1VeriFone P400VIPA 66110
2VeriFone Vx820VIPA 66110
3Ingenico iPP350RAM 1606
4Ingenico iWL250RAM 1606
5Miura M010MPI 1-43

Note: Some transactions on Mobile devices will continue to decline when SCA conditions are met. When this happens,the attendant should advise cardholder to use physical card.