How to Prepare for the PSD2 Strong Customer Authentication Regulation

            Beginning September 14, 2019, some banks will be declining online payments that are not protected by additional authentication. Strong Customer Authentication (SCA) is a new legal requirement from the European Union. It comes into effect in September as part of the Revised Directive on Payment Services. PSD2 is aimed at fighting fraud and making online transactions more secure.


            As an online store owner who accepts credit cards or bank transfers online, you’ll need to prepare for this change to provide a frictionless checkout flow for your customers.


            What does Strong Customer Authentication mean?

            Each time you pay for something online, you confirm your identity in a process known as “authentication.” Just like having a key to your front door protects your home from trespassers, authentication protects your money online.

            There are three ways (or authentication factors) to prove your identity:

            ·         Knowledge: a secret only you know (a PIN, a password)

            ·         Ownership: a physical object in your possession (ID, credit card, mobile phone)

            ·         Inherence: a physical feature unique to you (your fingerprint, signature, Face ID, or voice)

            Strong Customer Authentication (SCA) requires anyone processing online payments to require an extra step to verify a customer’s identity when they pay with credit cards or bank transfers online. So instead of a single form of authentication, shoppers will be asked to provide two authentication factors from the list above. The exact method (for example, entering a one-time code) will be chosen by the cardholder’s bank.

            How should you prepare for SCA?

            Responsibility to comply with SCA is mostly on your payment gateway. Your chosen payment gateway will be required to implement an extra authentication step for credit card payments in order to do business in the EU. If you’re doing business in the EU, SCA may apply to you even if you’re not from the EU.

            What if I’m not in the EU?

            If you’re not from — or doing business in — the EU, SCA won’t affect you. However, if your bank is not in Europe but your customer’s is, SCA may still apply. The final decision is up to the cardholder’s bank. So some European issuing banks will require SCA when the payment recipient is outside of Europe, while others may not. If you’re from the US or another non-EU country, but have customers from Europe, it’s a good idea to offer an SCA-compliant payment method anyway to avoid credit card payments being declined. In this case, read the instructions for EU merchants below to learn how to prepare for SCA.

            I’m in the EU.

            SCA applies to you if both your customers and your banks are located in Europe, but your action beyond that depends on how you get paid for your orders.


            I accept credit cards. You’ve got the lucky ticket. SCA applies specifically to credit cards and bank transfers. So it’s important that you make sure your payment gateway is SCA-compliant:

            ·         If you accept credit cards online with Stripe or Square, we’ve automatically taken care of SCA compliance updates for you — just make sure you use our one-page checkout, the latest and most optimized checkout page for your Mopro store.

            ·         If you use other online payment options to accept credit cards or bank transfers (for example,, 2checkout), contact your payment gateway support team to confirm their compliance with SCA. If your payment gateway redirects customers to their website to complete transactions (such as, adjustments will need to be made on the gateway-side according to the new SCA standard. If your payment gateway doesn’t have plans to comply with new SCA requirements, consider adding other payment options to your store. Selling with Mopro E-commerce gives you access to over 50 payment options.


            I don’t accept credit cards. If you only accept payments in cash or by other offline methods, you’re off the hook! SCA only applies to online payment methods in this scenario.


            I’m from the UK.

            If you live in the UK, SCA applies to you. Even if the UK is out of EU, SCA will still apply to  UK citizens. But there’s good news: the UK has extended the compliance deadline, so you have over a year to meet the new requirements.


            Over to you.

            Although SCA doesn’t legally require merchants to comply, it’s strategic to do so for two reasons:

            ·         To be sure you’re not losing customers over transaction failures after September 14.

            ·         To offer additional security for your customers during checkout with SCA-compliant payment gateways.


            Take a couple minutes to revise your connected payment options and let us know if we can help!

            Updated: 21 Aug 2019 03:05 AM
            Help us to make this article better
            0 0