Regulation
Strong Customer Authentication
Also: SCA
PSD2 requirement that customer-initiated electronic payments in the EEA and UK be authenticated with two of: knowledge, possession, inherence.
SCA is the PSD2 rule that ecommerce payments in the EEA and UK must be authenticated with two independent factors. 3DS2 is the primary technical vehicle: a successful frictionless or challenge flow satisfies SCA. Several exemptions reduce friction, low value, low risk (TRA), trusted beneficiaries, MIT (merchant-initiated transactions), and corporate cards.
Related terms
A card-network authentication protocol that shifts fraud liability from the merchant to the issuer when a cardholder is verified.
The EU's Payment Services Directive 2, which mandates SCA, opens banking APIs, and reshapes payment liability.
A charge initiated by the merchant against a previously stored credential, without the cardholder present.
Ready for velocity?
Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.