Strong Customer Authentication
The Strong Customer Authentication (SCA) elements of the Revised Payment Services Directive (PSD2) are designed to reduce fraud. This directive mandates issuers and acquirers to use authentication – validating a cardholder’s identity before they pay.
These regulations were put into effect from 14 September 2019 for issuers and acquirers in the European Union and European Economic Area (EU / EEA). The SCA regulations will require cardholders to perform a Chip and PIN transaction each time they have reached a cumulative contactless spend of €150 (or local currency equivalent) or when they complete five consecutive contactless transactions since they were last authenticated.
The card scheme's authorisation systems will return new response codes when cardholders pass these limits.
IPC versions lower than v.2.3.1 will decline the contactless transactions when SCA codes are returned by the schemes authorisation system. When this happens, the attendant should advise the card holder to complete the transactions as Chip & Pin or Swipe.
IPC2 v.2.3.1 and later versions will interpret the SCA response codes to automatically fall forward to a Chip and PIN or swipe transaction. This means that the PED would automatically prompt to Insert or Swipe the card.
Minimum firmware version for SCA:
|Sr. No||PED||Min. firmware version required for SCA|
|1||VeriFone P400||VIPA 66110|
|2||VeriFone Vx820||VIPA 66110|
|3||Ingenico iPP350||RAM 1606|
|4||Ingenico iWL250||RAM 1606|
|5||Miura M010||MPI 1-43|
Note: Some transactions on Mobile devices will continue to decline when SCA conditions are met. When this happens,the attendant should advise cardholder to use physical card.