What Is Secure Customer Authentication (SCA)?

If your business takes any kind of online payments, you really should read this article to understand what Secure Customer Authentication is and how to become compliant. Otherwise, soon banks will start to decline payments made via your website.

Remember when GDPR happened?

Last year the face of the internet as we know it changed, due to the European General Data Protection Regulation (GDPR) coming into effect. Despite the fact that GDPR was announced years prior, many businesses simply didn’t pay attention to it or realise the implications that it would bring, and how it would massively impact the way that they conduct certain aspects of their operations. This resulted in a last-minute panic: many bad decisions were made, much money was wasted, and lots of business owners, marketers and web developers went into therapy.

Make sure your business is SCA compliant
Whilst getting ahead of the curve on SCA compliance will save you headaches, it’s not going to help with your neck. Please – see a Doctor about that!

Something even bigger is on the horizon.

A new rule called Strong Customer Authentication (SCA) is coming into effect across Europe on September 14, 2019. If you don’t comply with the changes in legislation, banks will start to decline payments made to your business online.

If your business takes any kind of payment online – you need to act now and make sure you’re ready. Otherwise the impact on your business will be much bigger than GDPR and you’re going to wake up on the 14th September in a hot sweat to an inbox full of declined transactions.

Let me tell you a secret. I actually love GDPR.

Don’t get me wrong, I loather the poor implementations of GDPR practices that are designed solely to tick the ‘compliance’ box for businesses, with little to no thought on the impact this will have on their customers. Unfortunately, this has made searching for recipes or reading news articles from certain websites almost impossible – but as a consumer it’s better to know the extent to which these seemingly innocent companies are tracking us and to have the option to leave their website if you deem it excessive.

The changes that GDPR was designed to bring about are actually very positive for both businesses and customers, and Strong Customer Authentication is too. SCA is going to mark a change towards further protection for consumers, reduced fraud, and will benefit legitimate businesses by preventing poor quality competition from setting up.

Here’s what you need to do by September.

Unfortunately, implementing the practices needed to become compliant ranges from fairly annoying to massively frustrating. Businesses are required to implement an additional payment step in their checkout flow which uses an authentication method like a password, hardware token or biometric (eg fingerprint) for a customer to confirm their payment. For most businesses the easiest solution will be to correctly implement the new version of 3D Secure (cleverly named 3D Secure 2) which is rolling out in banks across Europe in anticipation of SCA coming into effect in September 2019.

SCA in action
One method of authentication is 3D Secure 2 – where the customer confirms their payment via their banking app.


Unsure of the impact SCA will have on your business? Contact us today for a free audit to see if you’re SCA-ready.

Join our mailing list

Sign up to receive free web design and branding tips direct to your mailbox. No spam, ever.

Let's Work Together

We are passionate about helping businesses like yours get more from their web presence.

If you need a new website, help with improving traffic and conversions or fresh ideas on how to improve your brand and it’s market position, send us a quick enquiry with this form and we’ll get back to you as soon as possible.

If you’d prefer a chat, please call us on 0191 228 6967.