What is SCA and what does it mean for UK businesses?
The Payments Services Directive 2 (PSD2), introduced across the UK and Europe over the last few years, has brought more innovation and a safer space for online payments. It has also led to additional payment security measures such as Strong Customer Authentication (SCA).
Since 14 March 2022, SCA — brought in to reduce the risk of fraudulent transactions — is now a mandatory part of any payment made online worth more than £25 (€30 in Europe).
If you pay online with a debit or credit card, you will typically see SCA come into effect when you are asked to authorise a transaction with a code or through your banking app before your payment is processed.
Quick shout out: If you use Citizen to make a payment, SCA is already built-in to your bank’s process, so there’s no additional requirement. Another reason why account-to-account payments are a sensible alternative to cards… Try Citizen now.
What is SCA?
Strong customer authentication is the process imposed by your bank or payment provider to verify your identity when you’re making payments online. The aim is to make sure that a payment has been initiated by the account holder themselves, rather than a criminal party.
How does SCA work?
SCA has been designed to be as efficient and effective as possible. A customer can authenticate themself using their laptop, mobile phone or tablet by following a two-step process (2-factor authentication (2FA)), as opposed to the single-step process that existed before.
The customer can choose two out of the three following methods to authenticate themselves.
Authentication can be conducted via:
- Biometrics (fingerprints, facial scanning or voice pattern)
- The possession of a mobile (so mobile banking), a physical identity or token card
- A PIN, account number, address or secret answer to a question
The UK’s financial body, the Financial Conduct Authority (FCA), is expecting businesses to be prepared and to support SCA solutions for all types of customers. Choosing the methods of authentication is the customers’ responsibility, not the merchant’s, but the bank or payment service provider is responsible for keeping customers up to date with any additional changes to security procedures.
Do all types of payments need to include SCA?
No, some payment types are subject to exemption or to minor changes. Payments that may avoid SCA are:
- Recurring payments, such as subscriptions, must be amended according to SCA requirements, but afterwards, these payments will not have to be changed if the value of the transaction and the account details remain the same.
- Low-value transactions below £25 are also to be excluded from SCA’s requirements. However, the issuer bank, being allowed to track low-value transactions, may request cardholder identity authentication if this exemption has been used five times since the cardholder’s last successful authentication, or if the sum of these payments exceeds £85.
- Trusted beneficiaries — such as companies or accounts that the customer has already whitelisted (marked as trusted) — are also to be excluded from SCA requirements. However, if these are amended, or new beneficiaries set up, then the SCA process will be required.
- Secure corporate payments which are initiated through dedicated corporate processes and protocols are exempt from SCA. These might include physical and virtual commercial cards. Still, corporate payments will be subject to strict transaction monitoring, security and fraud prevention.
- Contactless point-of-sale transactions according to Article 11 of the Regulatory Technical Standards on SCA, and when certain conditions are met, issuers may choose not to apply SCA — e.g. when a transaction does not pass £45 and when past consecutive transactions do not total more than £130 since the last time SCA was applied.
How is SCA impacting the online shopping experience?
Essentially, customers are being asked to verify their identity when shopping online. But being able to protect payments and spot fraudulent activity without harming the experience the merchants are offering has been a challenge for regulators.
The main benefit of SCA is the extra security it adds. Fraud is something that has been costing merchants money in chargebacks, customers and brand loyalty for a long time, as well as being upsetting for the consumer. SCA is meant to deliver a net benefit in saving money and frustration over time.
On the other hand, the main drawback is the addition of extra steps to the online purchasing experience. As all online operators know, the addition of extra elements to a journey creates friction that can lead to customer dropout, possibly a reduction in sales and other complications.
> Remember, this applies if your business is taking debit or credit card payments. With account-to-account transactions such as Citizen’s, there is no additional step for SCA as it’s already integral to the customer’s online bank experience.
How to comply with SCA requirements as an eCommerce business?
The majority of eCommerce businesses work with a payments gateway, card acquirer or some other third-party technology partner to process their online payments. These partners should all have incorporated SCA within their processes by now. Those familiar with the 3-D Secure (3DS) verification process for card payments should see a substantially improved process with 3DS version 2.0.
How does SCA affect charities and nonprofits?
Nonprofit organisations have expressed concerns over the requirements of SCA and its potential impact on donations. In the nonprofit sector, payments of any amount can make a difference and the FCA has told acquiring banks and card issuers to work with charities and nonprofits to make sure that SCA does not negatively impact contactless donations.
> Citizen is the sole payment method chosen by charity platform Wonderful for its donations. No SCA, no hassle, and donations breeze through.
Why is Citizen the best option for SCA payments?
Citizen’s PayBlox platform is a fast, secure and intuitive payment solution that offers cardless payments. We enable users to transfer money quickly and securely from their bank account to the merchant’s account (without the hassle of typing in account and security numbers). The payment journey is simple, completed in three steps, and a customer uses their existing online banking system which has full authentication already built-in.
> Key takeaway: With Citizen, there is no additional SCA process on payments.
How Citizen works
Citizen’s PayBlox software is a purpose-built payments solution that can be integrated into your existing systems to allow you to offer secure, instant account-to-account payments with a great customer experience. PayBlox is quick to set up (and we have plug-ins for most shopping carts), and we provide you with fully tested end-to-end UX optimisation to ensure you have a payment experience worthy of your brand.
You can add Citizen as a payment option at checkout alongside your existing providers. We work with many brands, large and small, across the UK and Europe, and would love you to try it in your business.