Skip to main content
Learn more about the latest security and privacy threats
Back to Glossary

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a regulatory requirement under the EU’s PSD2 directive. It mandates multi-factor authentication (MFA) for certain online payments to reduce fraud and improve security.

About Strong Customer Authentication (SCA)

What are the SCA requirements?

SCA requires at least two of three factors: - Something the user knows (password or PIN) - Something the user has (phone or token) - Something the user is (biometrics)

Which transactions require SCA?

SCA applies to most electronic payments within the European Economic Area. However, exemptions include low-value payments, recurring transactions, and trusted beneficiaries—though these still require dynamic risk assessment by the payment processor.

What are the most common challenges with this topic?

Merchants face increased cart abandonment due to added friction. Some banks’ inconsistent SCA implementations also cause failed transactions. Additionally, exempting too many transactions may lead to higher fraud rates, defeating the regulation’s intent.

Secure verifications for every industry

We provide templated identity verification workflows for common industries and can further design tailored workflows for your specific business.

Book a Demo