What is SCA and what does it mean for UK businesses?

  • The possession of a mobile (so mobile banking), a physical identity or token card
  • A PIN, account number, address or secret answer to a question
  • Low-value transactions below £25 are also to be excluded from SCA’s requirements. However, the issuer bank, being allowed to track low-value transactions, may request cardholder identity authentication if this exemption has been used five times since the cardholder’s last successful authentication, or if the sum of these payments exceeds £85.
  • Trusted beneficiaries — such as companies or accounts that the customer has already whitelisted (marked as trusted) — are also to be excluded from SCA requirements. However, if these are amended, or new beneficiaries set up, then the SCA process will be required.
  • Secure corporate payments which are initiated through dedicated corporate processes and protocols are exempt from SCA. These might include physical and virtual commercial cards. Still, corporate payments will be subject to strict transaction monitoring, security and fraud prevention.
  • Contactless point-of-sale transactions according to Article 11 of the Regulatory Technical Standards on SCA, and when certain conditions are met, issuers may choose not to apply SCA — e.g. when a transaction does not pass £45 and when past consecutive transactions do not total more than £130 since the last time SCA was applied.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Citizen enables instant, cardless, account-to-account payments via their payment solution platform, PayBlox. https://paywithcitizen.com