The enforcement date for the implementation of Strong Customer Authentication (SCA) in the UK is coming up very soon – 14 March 2022. By this date, which was delayed from last year due to coronavirus, all payments made online will need to comply with the new set of rules, introduced as part of the EU Payment Services Directive (PSD2) launched in January 2018. While the roll-out took place across the EU last year, in the UK the Financial Conduct Authority (FCA) provided a longer lead time for enforcement to minimise the impact on both consumers and businesses.
What are the SCA requirements?
SCA is a set of rules that strengthen the process of confirming the customer’s identity when making purchases online with the aim of reducing the risk of card fraud. It requires ‘multi-factor’ authentication to be applied to all transactions over the value of €30, using at least two of the following:
- Something the customer knows – a PIN or password
- Something the customer has – such as a smartphone or card reader
- Something the customer is – biometric data such as fingerprint or facial recognition
What should businesses do?
To confirm that SCA has been applied, businesses will need to check with their payment gateway service provider that their system technology has been upgraded with 3D Secure version 2.1 or 2.2, which enables two-factor authentication at the time of the transaction. While the prevention of card fraud is important, so too is ensuring a positive customer experience, so it is also worth exploring which exemptions could be applied to certain payments and making sure that the correct flagging of transactions (for example, those that are exempt or out of scope) is in place to avoid any unnecessary payment declines.
It’s also worth noting that SCA does not apply to payments made over the phone.
What happens if your system isn’t ready for SCA?
Non-compliant e-commerce transactions that are attempted after 14 March 2022 will be declined, causing inconvenience to the customer and an unnecessary cost to your business. Ensure the smooth transition to multi-factor authentication by checking that your processes and technology are ready today.
Here at PCI Telecom, we create bespoke card payment processing solutions that meet the needs of businesses whatever their shape and size. Our solutions are not only accredited to a Level 1 standard for PCI DSS compliance but are also compatible with the requirements of SCA for online transactions.
You can find out more about our online payment processing solutions, as well as our over-the-phone card payment systems, by visiting our Solutions page, or get in touch to discuss your requirements in more detail.