Brief Overview of SCA

SCA, or Strong Customer Authentication, is a requirement of Europe’s revised Payment Services Directive 2 (PSD2) mandate to increase security and minimize fraud risk around electronic payments. PSD2 aims to protect consumers, promote banking innovation, and facilitate safer cross-border European payment services. SCA first came into effect in 2019. With approval by the EEA, the implementation deadline was pushed to December 31, 2021.

Authentication

SCA requires that electronic payments utilize multi-factor authentication. To pass authentication, two of the following three criteria must be met:

 

Article 4 of PSD2 defines SCA as an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses), and inherence (something the user is).

Banks have the authority to decline payments that do not meet the authentication criteria.

Who is affected?

SCA applies to customer-initiated transactions in which both the merchant's acquiring bank and the bank issuing the buyer's debit or credit card are located within the European Economic Area (EEA).

SCA Exemptions

Some exemptions apply depending on the amount of the transaction, the degree of perceived risk, and the frequency of occurrence. Examples of exemptions in place include:

Low-risk transactions

  • The payment provider's or bank's overall fraud rates for card payments do not exceed defined thresholds.
  • The transaction totals less than €30. However, there are limitations on the number of times an exempt transaction can skip authentication.

Fixed-amount subscriptions

  • Recurring transactions in which the customer pays the same amount to the same business. The first payment is authenticated. For example, Stripe Billing uses this exemption.

Phone Sales

  • Card details collected over the phone fall outside the scope of SCA and do not require authentication. This type of payment is referred to as Mail Order and Telephone Orders (MOTO). However, the cardholder's bank has the right to accept or reject the transaction.

Benefits of SCA

Along with adding protection for consumers, SCA benefits businesses by:

  • Reducing fraud
  • Increasing consumer confidence around online transactions
  • Emphasizing market-wide compliance

Blackthorn is SCA-Ready

We see SCA and the PSD2 mandate as an opportunity to provide customers with a more secure experience and promote compliance in the payment ecosystem. We’ve added 3D Secure 2, an industry-accepted method, to our checkout flows to meet SCA requirements. The following Blackthorn Payments features support SCA:

  • Capturing a Transaction through PayLink with SCA-regulated Payment Methods.
  • Capturing a Transaction through Donations with SCA-regulated Payment Methods.
  • Capturing SCA-regulated Payment Methods and Transactions through the Virtual Terminal.
    *Requires an additional configuration.
  • Capturing SCA-regulated Payment Methods through the Transaction object.
    *Requires an additional configuration.

If a transaction fails, it will create a notification in Salesforce, and a reattempt request will automatically trigger, depending on the logic set.

Is Action Needed?

Teams working in the EEA using Blackthorn Payments can easily enable SCA in Salesforce by following the steps outlined here.

If you have any questions about SCA requirements and are interested in learning how Blackthorn Payments can help your team navigate these new regulations, we are happy to help. Talk to one of our experts.

