What is Strong Customer Authentication?

What is Strong Customer Authentication?

Strong Customer Authentication (SCA), also known as 3D-Secure, is a new set of rules that will change how you confirm your identity when making purchases online. This is an added layer of security to confirm it is really you. This could mean a bank or provider using a number of ways to verify a purchase or login such as a passcode via text message, receiving a phone call to their landline, a card reader or using your banking app on your smartphone. SCA is being introduced to help further reduce fraud. With an increasing number of purchases being made online, these new rules will provide the extra protection necessary to ensure that you are safe when purchasing online and that your money is better protected.

 

What will SCA mean for you?

These rules will apply to you when making an online purchase or banking online. When buying items from online retailers, you may receive a text message from your bank or provider containing a passcode. You will then be prompted to enter this code on screen before payment will be taken.

Banks or providers may also offer alternative ways of authenticating. These can include a call to a landline phone, a card reader, or using your banking app on your smartphone.

When using online banking, you will be asked to verify who you are in a similar way as for online shopping. If you bank via an app then you may have already provided the authentication needed by using your fingerprint, a code, or facial recognition to log in. You may not be asked to prove their identity in this way for every purchase or transaction.

 

What does SCA apply to?

Unless a transaction is out of scope or an exemption applies, providers must apply SCA in specified scenarios, i.e where a customer:

a) accesses their payment account online;
b) initiates an electronic payment transaction; or
c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

All electronic payments initiated by you are covered by the scope of the SCA requirement, unless one of a limited number of exemptions applies. This scope is broad as it covers both remote and face-to-face electronic payments initiated by the payer and extends to all channels or devices through which initiation occurs, so including payments made through a browser, mobile, in-app, devices using the Internet of Things (IoT), as well as payments made via a terminal where the data extracted in relation to the payment is all electronic.


Information supplied by ukfinance.org.uk: https://www.ukfinance.org.uk/strong-customer-authentication/frequently-asked-questions