Strong Customer Authentication (SCA) is here

#Strong Customer Authentication, #SCA, #compliance, #payments, #conversion, #checkout, #Beanie, #PSD2, #DSP2, #regulation, #3Dsecure

On September 14, 2019, Strong Customer Authentication (SCA) will enter into force within the PSD2, and lots of businesses aren't well equipped to face it. Here is a quick tour of this new rule and a short guide to avoid annoying surprises.

So what the heck is SCA?

In a few words, it’s a new European regulation that aims to better protect consumers when they pay online so they don’t get hurt. Coming into force on September 14, 2019, it will impact the whole European Economic Area (EEA) (including the UK) and it takes place within the Payment Services Directive 2 (Directive 2015/2366) (PSD2).

How will SCA impact European businesses?

SCA would deeply change the way online payments take place in order to improve their security. To do so, online sellers will need to ask online buyers for 2 of 3 authentication factors:

  • Something they know (Password, PIN…)

  • Something they have (Smartphone, Tablet…)

  • Something they are (Fingerprint, face, or voice recognition…)

To avoid declined payments by customers’ banks and therefore supplementary frictions from conversion cutbacks, European digital businesses have to be carefully prepared.

How to tackle SCA?

Here are three steps to respond to this new technological challenge.

First - determine if your business is impacted.

/ Is your business based in the European Economic Area? / Do you sell to customers in the EEA? / Do you accept card payments?

Second - choose an SCA-compliant payment service provider and checkout process.

The list of payment service providers is quite huge, but there are some solutions like Stripe or Ayden that are making strides in order to be SCA-proof.

Beanie, our hosted checkout page, allows you to automate the whole Stripe integration and set up a seamless workflow. In addition to handling SCA, you can implement a real-time sales tax, VAT and GST calculation and reporting.

Note: SCA applies when the payment is triggered by the payer, so SEPA payments are not involved as they are initiated by the payee and the payment mandates take place without any action from the payer.

Third - Get it done before September 14. After this date, the risk of experiencing declined payments from your customers’ banks is going to be very high. Don’t rest on your laurels, get going, and implement the technological solutions that will ensure your conversion by complying with SCA.

How will subscription models be impacted?

For recurring businesses collecting payments through credit and/or debit cards, SCA will apply only with the first payment (the initial transaction). But then if the amount changes over time, 3D Secure would be required.

So yes, recurring revenue can be impacted and this represents a huge challenge for recurring businesses with fluctuating amounts (i.e. ‘flat fees + usage fees’ billing models). Fortunately, there is also good news! Recurring transactions are considered to be “payee initiated”, so these are exempt from SCA authentication requirements.

That means payments initiated by the merchant as well as ‘statistic amount recurring payments’ aren’t affected by SCA in most cases.

Are businesses unaware of SCA?

It may be hard to believe but Mastercard research revealed that close to 75% of European online merchants are potentially unaware of the new SCA requirements coming into force this year. As of 14 September 2019, SCA requirements will be mandatory and online retailers need to be prepared before it arrives.

If you’re an online seller and have zero plans to support SCA yet, you should promptly ask your payment service provider to ensure your business is ready to support Strong Customer Authentication.

Aiming to ensure conversion and improve the payment experience for online customers, Octobat is launching Beanie - a new robust and customizable hosted checkout page that improves the customer payment experience and brings real-time tax calculation - SCA-proof.

If you have any further questions, concerns, or want to give us feedback, you can email us at

Last updated