Strong Customer Authentication (SCA) is a key requirement of the 2nd Payment Services Directive (PSD2) for digital transactions in Europe and goes into effect September 14, 2019. Some of the objectives of PSD2 include enhancing security, contributing to the integration of payments in the EU, protecting consumers and enhancing customer convenience.
Strong Customer Authentication, as defined in the European Banking Authority’s Regulatory Technical Standards for PSD2, requires two of the following three:
Both issuers and acquirers (merchants) will be required to support an SCA solution, which can be fulfilled using 3-D Secure.
The RTS (Regulatory Technical Standard) includes exemptions to SCA when certain conditions are met. For instance, low-risk transactions that can be authenticated using Transaction Risk Analysis (TRA), low value transactions, transactions with entities that the consumer has added to a “white list” with their issuer, and more.
CardinalCommerce fulfills the SCA requirement for both issuers and merchants using EMV® 3-D Secure, leveraged by the Cardinal Authentication Network. Cardinal Consumer Authentication for merchants, which incorporates EMV 3DS, uses a rules engine that allows merchants to manage exemptions, control the consumer experience, and know when SCA must be invoked. Visa Consumer Authentication Service, Cardinal’s issuer ACS, incorporates risk-based authentication using Visa’s proprietary risk score with dynamic methods when a challenge is needed to comply with the SCA requirement.
Authentication is Cardinal’s sole focus. We have created authentication solutions since the early 2000s and continue to innovate and deliver new capabilities to help our merchants and issuers drive better decisioning for superior performance and a better consumer experience.