Menu

What is SCA, and what is it good for?

4 min read|Published April 13, 2021
What is SCA, and what is it good for?

SCA stands for Strong Customer Authentication, and it’s a regulatory requirement aimed to increase the security of electronic payment services in the EU and the UK. Here’s a basic summary of what ‘strong’ authentication can look like – and why it’s important.

TL;DR – Quick summary
  • SCA stands for Strong Customer Authentication.

  • Introduced in connection to PSD2, it’s a regulatory requirement aimed to increase the security of electronic payment services in the EU and the UK.

  • To be considered strong, authentication needs to include two out of three factors: knowledge, possession and inherence.

  • SCA adds an extra layer of security and aims to prevent fraud related to online payments.

TL;DR – Quick summary
  • SCA stands for Strong Customer Authentication.

  • Introduced in connection to PSD2, it’s a regulatory requirement aimed to increase the security of electronic payment services in the EU and the UK.

  • To be considered strong, authentication needs to include two out of three factors: knowledge, possession and inherence.

  • SCA adds an extra layer of security and aims to prevent fraud related to online payments.

Strong Customer Authentication is a requirement for authenticating online payments that was introduced in connection to the EU’s revised Payment Services Directive (PSD2). Essentially, it requires banks to request additional forms of validation to confirm someone’s identity in order to complete online payments.*

In practical terms, SCA really boils down to multi-factor authentication (MFA), sometimes also referred to as two-factor authentication (2FA). That is, using at least two out of three possible forms of identification:

  • Knowledge: something you know – such as password or PIN

  • Possession: something you own – such as a mobile phone or other device

  • Inherence: something you are – an individual characteristic, usually relating to biometrics, such as fingerprint or facial recognition

Why is SCA necessary?

The aim with SCA is to add an extra layer of security and prevent fraud related to online payments. Unauthorised card fraud is a serious issue for many people today – for UK-issued cards alone, fraud losses totalled £621 million in 2019.

In the past, physical credit card transactions in the EU already had what could be considered a strong authentication built in, as it required people to have the card itself (possession factor) and input their PIN (knowledge factor). But the same hasn’t been true for online transactions.

With open banking and PSD2 enabling (and of course, regulating) access to data and integration of payments, addressing fraud is important to protect financial institutions, merchants and consumers.

The drawbacks – and the benefits

When first introduced, many online retailers dreaded the idea of having to implement the SCA requirements, fearing it would negatively impact sales. Because it requires that extra steps be added in the checkout process (at least for payment services that did not yet require MFA), it could impact the customer experience and lead customers to abandon their purchase.

But of course, not all SCA flows are made equal. Having to dig up a card reader and type in a long-forgotten and rarely-used password can be a significant hurdle, while having your identity quickly verified through facial recognition on your phone is another.

Although SCA may be cause for concern for some, the benefits are also tangible. Adding an extra layer of security when authenticating the payer’s identity in online banking transactions can reduce the potential for online fraud, reduce costs associated with fraudulent transactions, and increase confidence for consumers using online payments.

Tink’s fully managed authentication solution, called Tink Link, lets you take care of end-user authentication and payment flows with a single line of code. It’s also optimised to provide users with the most intuitive authentication flow available, improving security without standing in the way of a payment.

You can learn more about it in the Tink Link page – or try our demos to see how it works.

*Note: not all online payments in the EU are subject to SCA. There are some exemptions, such as for low-value transactions and recurring payments.

More in Open banking

UK consumers expect fast and frictionless payment journeys
2022-05-18 · 5 min read

UK consumers expect fast and frictionless payment journeys

Tink’s latest UK survey shows that nearly 9 in 10 consumers (88%) are prepared to abandon a transaction if faced with friction when making a payment online, highlighting the need to ramp up payments innovation and focus on user experience

Open banking
Build vs buy – a lender’s guide to the pros of partnership
2022-05-17 · 6 min read

Build vs buy – a lender’s guide to the pros of partnership

In today’s digital world, it’s all about data – and the seamless user experiences it can power. Learn about the importance of real-time data, optimal UX, and more in this guide to building vs buying.

Open banking
Get to know the tech behind better risk assessments
2022-05-11 · 4 min read

Get to know the tech behind better risk assessments

Open banking can help make better informed risk decisions – but access to data is just a part of the puzzle. Find out why quality account aggregation and data enrichment are the foundations of a standout risk assessment process.

Open banking

Get started with Tink

Contact our team to learn more about what we can help you build – or create an account to get started right away.

Contact our team to learn more about our premium solutions or create a free account to get started right away.