To make online payments more secure for consumers and businesses, the European Payment Services Directive2 (PSD2) has added Strong Customer Authentication (SCA).
This regulation applies to all online transactions where both the cardholder's bank and the merchant's payment service providers are located in the European Economic Area (EEA).
SCA is a new form of two-factor authentication that introduces an additional level of security for online payments and takes effect on December 31, 2020.
This implies future online transactions being verified by two factors. For example, by password/PIN and a token.
Online payments that were formerly paid with credit card and security number (PIN) will be extended by a second security factor (2FA).
As a purchaser you will now require two of these three factors:
- Knowledge: Password, PIN
- Possession: Smart card, TAN generator, registered smartphone
- Inherence: Fingerprint, facial features
The new SCA rule only applies to payment processes that are carried out online.
Excluded from this rule are:
- SEPA direct debits
- Amounts up to 30 Euro.
- Recurring transactions (e.g.: subscriptions - only the first transaction requires SCA).