The Strong Customer Authentication (SCA) is a new regulation for the verification of online payments, applicable throughout the European Union since September 2019, whose objective is to raise the protection of users of Ecommerce and pages web and in this way avoid possible dangers such as theft of credentials with the consequent risk of unauthorized transfers of funds.
How SCA Works
The SCA raises the levels of authentication necessary when making an electronic payment (so it will not only include online payments but also certain payments made in physical stores such as contactless card payments).
To make the payment, the use of at least two of the following three authentication elements based on possession, knowledge and inherencewill be mandatory:
- Something known to the user as a password
- Something the user owns, such as their smartphone
- An inherent element of the user such as their fingerprint.
It is important to mention that these elements must be independent of each other so that if one of them fails it is not possible to authenticate illegitimately with the others.
From the confirmation of these elements we will obtain a one-time authentication code with which to finish the confirmation of the payment. It is guaranteed that this code is impossible to falsify and that from it it is not possible to extract any information about the authentication elements.
The SCA will not apply in all cases but for certain operations these will be exempt from the application of these protocols. Exemptions include:
- Payment terminals not served in transport and car parks
- The Point of Sale (POS) terminals of Contactless System for a maximum of 5 individual payments accumulated for an amount less than € 150 and provided that none of the individual payments exceeds € 50.
- Payments of less than 30€.
- Payments made between companies through B2B methods.
- Credit transfers between accounts of the same holder.
- Those included in lists of trusted beneficiaries.
Consequences of the implementation of the SCA
As far as the user is concerned, it seems that almost everything will be advantages, this will be more protected against future frauds and scams and ultimately increase their confidence when making online payments.
However, the implementation of the measure has caught many companies and businesses by surprise, generally SMEs; which are not yet prepared to guarantee the application of the measure to customers, in addition, there are multiple studies that estimate the losses in the first year of implementation of the measure in billions of euros.