Discuss a project Message Us

Industry News | Tips and Advice

What does the new Strong Customer Authentication (SCA) regulation mean for my business?


During the last few years, authorities have been working tirelessly to tackle the issue of fraud and many changes have been made in an attempt to make online payments a more secure process.

With the advent of technology such as Apple Pay and other forms of mobile wallet, it is clear that huge progress is being made to sure up the public’s bank accounts each day and give people the peace of mind they crave.

One major introduction is set to change the way that retailers and E-commerce businesses operate their online shops and that’s the new Strong Customer Authentication (SCA) regulation, which is set to take effect on September 14th, 2019 for all current EU members. With such a radical step taken by the EU, many people have suggested that the change is as significant as the introduction of the Chip and PIN system, with some experts going as far as to predict that servers aren’t able to cope with such changes and the retail sector quite simply isn’t ready for the regulation to be implemented.

What is the SCA regulation?

The SCA is a method of verifying a customer’s identity which has been administered by PDS2, the EU directive which regulates payment services throughout the European Union. Essentially, the regulation is carried out by requiring sellers to authorise sales but only after the customer has used at least two different methods to identify themselves. The two methods used to verify a buyer must be taken from the following list:

  • Something the customer knows – I.E the answer to a security question, or a personal password.
  • Something the customer has – A retailer should be able to send a push notification of some sort to the customer’s mobile phone for verification.
  • Something the customer is – Due to modern technology, many customers will now be verifiable through fingerprint technology on their phone, or Face ID.

If retailers can make sure customers verify themselves in two of those three ways, they should be fine. As users of payment gateways such as Apple Pay will note, things like fingerprint technology have been around for a while and they present an easy chance to prevent fraud in a timely manner, even despite the climate of data protection concerns we currently inhabit.

Does my business currently comply with the regulation?

There are currently a few payment gateways which are already confirmed as being ‘SCA ready’. Payment systems such as Stripe, Amazon Pay and Global Payments Gateway already offer this functionality, with companies such as PayPal looking to find solutions in order to make sure their sellers can continue to operate smoothly. If you currently use any of these payment gateways, you should be ok to continue as you are.

What happens on September 14th if I’m not complying?

If your online E-commerce shop is present in the European Economic Area (EEA) but isn’t SCA ready, then we have bad news – customer payments are likely to decline during checkout once September 14th hits.

What can I do?

If you’re worried about the upcoming regulation and you want to get some clarification on which changes need to be made before the deadline, we’d recommend contacting your payment gateway’s developer directly – they’ll know best after all.

At Platform81 we’ll be contacting all of our E-commerce customers over the next week or two in order to advise and tackle any possible issues to ensure that you’ll be able to continue as usual, so not to worry guys!