Scroll Top

Related Terms

DEFINITION

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a regulatory requirement under the European Union’s Revised Payment Services Directive (PSD2) regarding added security during electronic payments. It stipulates that financial institutions must utilize at least two of the three authentication factors. These factors can be categorized as: something you know (knowledge), something you have (possession) and something you are (inherence).

This is done to prevent risk in cases where one authentication factor may be compromised. For example, your phone got stolen or someone knows the answer to your security question.

Synonyms

Multi-factor authentication

Acronyms

SCA

Share

Synonyms

Multi-factor authentication

Acronyms

SCA

Examples

Common forms of authentication across the three categories are:

Security questions regarding your first pet, teacher’s name, or other hard-to-guess information for knowledge. Knowledge also covers typing in your password or PIN.
Authenticating via your phone or other connected device for possession.
Biometric authentication such as your fingerprint or face ID for inherence.

In practice, this can mean that before processing an online payment, you might be asked to, for example, type in a one-time password (OTP) sent to your phone and the name of your first pet. When SCA will be used will typically vary depending on the account and the transaction in question.

FAQ

The three SCA factors can be categorized as: knowledge (passwords, pins, security questions), possession (a different connected device), and inherence (biometric authentication).

Within the EU, SCA is required for most electronic payments. Exemptions can be made for recurring payments or low-value transactions.

By requiring two different forms of authentication, SCA makes it harder for threat actors to gain unauthorized access, reducing fraud risk. In other words, even if one form of authentication is compromised (such as a stolen phone or leaked personal information), threat actors still can’t make payments in your name.

Related Terms

Share

Join the Future of Banking

Book your demo today and see why leading financial institutions
worldwide trust Atfinity to drive their digital transformation.

Join the Future of Banking

Book your demo today and see why leading financial institutions worldwide trust Atfinity to drive their digital transformation.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.