Global Corner: Raising the standard for authentication

In addition to Brexit, business headlines in Europe in recent months have focused heavily on data privacy and security reforms.

Along with General Data Protection Regulation (GDPR) requirements, European merchants adopted new consumer authentication rules this year. The Strong Customer Authentication (SCA) requirement launched in Europe on Sept. 14, 2019, protecting consumers with more secure online payment standards.

Merchants are required to put processes in place that allow card issuers to authenticate consumers using unique pieces of personal identification from at least two of the following factors:

  • Something a customer would know (personal security information such as memorized passwords registered with the issuer, or a PIN code)
  • Something a customer has possession of (a mobile phone, for example)
  • Something individual about the customer (biometrics, for example, including fingerprint, iris scan, face/voice recognition)

While the requirement will help prevent fraudulent payment activity across Europe, customers may experience increased friction in the payment process as issuers comply with the new rules. Merchants need access to the latest version of 3D Secure technology, backed by a strong fraud screening program, to optimize their customers’ experience.

SCA is part of the EU’s Revised Payment Services Directive (PSD2), which went into effect across the EU in January 2018. While this does not impact U.S. merchants at this time, it could be implemented more broadly in the future.

The Strong Customer Authentication (SCA) requirement
launched in Europe on September 14, 2019.

Get Started


Call Us