Strong Customer Authentication
The Strong Customer Authentication (SCA) elements of the Revised Payment Services Directive (PSD2) are designed to reduce fraud. This directive mandates issuers and acquirers to use authentication – validating a cardholder’s identity before they pay.
These regulations were put into effect from 14 September 2019 for issuers and acquirers in the European Union and European Economic Area (EU / EEA). The SCA regulations will require cardholders to perform a Chip and PIN transaction, each time they have reached a cumulative contactless spend of €150 (or local currency equivalent) or when they complete five consecutive contactless transactions since they were last authenticated.
The card scheme's authorisation systems return new response codes when cardholders pass these limits.
HPA versions lower than v.4.4.00 decline the contactless transactions when SCA codes are returned by the scheme authorisation system. When this happens, the attendant should advise the card holder to complete the transactions as Chip & Pin or Swipe.
HPA v.4.4.00 and later versions will interpret the SCA response codes to automatically fall forward to a Chip & Pin or swipe transaction. This means that the PED would automatically prompt to Insert or Swipe the card.
Minimum firmware version for SCA:
|Sr. No||PED||Min. firmware version required for SCA|
|1||VeriFone P400||VIPA 184.108.40.206|
|2||VeriFone V240||VIPA 220.127.116.11|
Note: Some transactions on devices will continue to decline when SCA conditions are met. When this happens,the attendant should advise cardholder to use physical card.