What is PSD2 SCA compliance?

What is PSD2 SCA compliance?

Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments.

Is SCA part of PSD2?

Strong Customer Authentication (SCA) is a new requirement of the second Payment Services Directive (PSD2), which aims to add extra layers of security to electronic payments.

Which payments will SCA apply to?

Face-to-face payments: SCA can apply to face-to-face payments, so that banks can ensure that payments are being made by the genuine cardholder. Chip & PIN transactions are compliant, but sometimes your customers may be prompted to enter their PIN when making contactless payments.

What SCA compliant?

Strong Customer Authentication (SCA) is a new European regulatory requirement to reduce fraud and make online and contactless offline payments more secure. Banks will need to start declining payments that require SCA and don’t meet these criteria.

What happens if you are not PSD2 compliant?

The PSD2 mandate is for banks, not for merchants. This means that issuing banks that approve non-compliant transactions are violating the law in their home country.

Is 3D secure the same as SCA?

Luckily for merchants and issuing banks, 3D Secure 2 is fully aligned with the PSD2 directive and includes SCA as a key feature that promotes safer-than-ever online payments.

What does SCA stand for?


Acronym Definition
SCA Sudden Cardiac Arrest
SCA Student Conservation Association
SCA Service Contract Act
SCA Small Craft Advisory

Who needs PSD2 compliant?

PSD2 hinges on a critical connection between retailers, fintechs, and banks. This relationship will be powered by APIs that banks need to open to any Third-Party Provider that wants to aggregate account data and/or initiate payment services.

Who must comply with PSD2?

As stated above, the PSD2 applies to any transaction in which the transmitting and receiving bank are within the EU or EEA. It will, however, have some impact on businesses in other regions, including the US. Any merchant doing business in the EEA will need to ensure that their transactions are SCA-compliant, for one.

Is 3D Secure still used?

3D Secure 1.0 – Protecting Card Payments Online Since its initial launch over a decade ago, the 3D Secure 1.0 specification has since been rolled out across all major card schemes (Visa, Mastercard, American Express) and is widely used online today.

What is an SCA exemption?

Obtaining an exemption essentially allows a transaction to take place without adhering to the SCA requirement of needing two factors of authentication. While that may sound appealing, two potential pitfalls could deeply impact revenue: You will be responsible for any fraud-related chargebacks on exempt transactions.

What is the treatment for SCA?

Treatment. There is currently no treatment or cure to slow or stop the progression of SCA or the damage to the cerebellum. Patients work closely with a neurologist to develop a personal plan to deal with the symptoms of ataxia, which can include speech therapy, occupational therapy, and physical therapy.

What does PSD2 mean for payment service providers?

To achieve better consumer protection, PSD2 mandates that payment service providers implement Strong Customer Authentication (SCA) for e-commerce transactions. For card payments, you can achieve SCA by performing 3-D Secure Authentication (3DS).

How to comply with PSD2 SCA and claim exemptions?

For information on how to comply with PSD2 SCA and claim exemptions (where applicable) via the Mastercard Payment Gateway, see integration guidelines for each of the 3-D Secure (3DS) integration models using the links below: The Revised Payment Services Directive (PSD2) is legislation effective in the European Economic Area (EEA).

What kind of transactions are not covered by PSD2?

The PSD2 SCA mandate only applies to e-commerce transactions. The following transactions do not require SCA under PSD2: Card present, mail order, telephone order, voice response, and call center transactions Transactions for anonymous cards, for example prepaid cards and gift cards

When does a payment do not require SCA?

If the issuer grants the acquirer exemption, the payment does not require SCA. The payer will experience a frictionless flow. Where the issuer declines the acquirer exemption, they may still apply an issuer exemption. In this case, the payment does not require SCA.