Strong Customer Authentication

Strong Customer Authentication (SCA) is a level of authentication defined in the revised Payment Services Directive (PSD2). SCA ensures that multi-factor authentication is used to secure electronic payments. 

SCA came into force on 14th September 2019, however many organisations have struggle to meet the deadline and many EU member states have agreed to delay the rollout or phase it.

Article 97(1) of the directive requires that payment service providers use strong customer authentication where a payer:
A) accesses its payment account online;B) initiates an electronic payment transaction;C) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

Article 4(30) defines “strong customer authentication”
An authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inference (something the user is) that are independent, in that breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.