Strong Customer Authentication
The Strong Customer Authentication (SCA) elements of the Revised Payment Services Directive (PSD2) are designed to reduce fraud.
This directive mandates issuers and acquirers to use authentication – validating a cardholder’s identity before they pay.
These regulations were put into effect from 14 September 2019 for issuers and acquirers in the European Union and European Economic Area (EU/EEA). The SCA regulations require cardholders to make a chip and PIN transaction each time they reach a cumulative contactless spend of €150 (or local currency equivalent). The same rule applies to cardholders who complete five consecutive contactless transactions since they were last authenticated.
The card scheme's authorisation systems return new response codes when cardholders pass these limits.
IPC versions lower than v.2.3.1 will decline the contactless transactions when SCA codes are returned by the scheme's authorisation system. When this happens, the attendant should advise the card holder to complete the transactions as Chip & Pin or Swipe.
IPC2 v.2.3.1 and later versions interpret the SCA response codes to automatically fall forward to a Chip and PIN or swipe transaction. This means that the payment device automatically prompts the cardholder to Insert or Swipe the card.
Minimum firmware version for SCA
|Sr. No||Payment device||Min. firmware version required for SCA|
|1||VeriFone P400||VIPA 66110|
|2||VeriFone Vx820||VIPA 66110|
|3||Ingenico iPP350||RAM 1606|
|4||Ingenico iWL250||RAM 1606|
|5||Miura M010||MPI 1-43|
Note: Some transactions on Mobile devices will decline even when SCA conditions are met. When this happens, the attendant should advise the cardholder to use a physical card.