New SCA Guidance Published
Strong Customer Authentication (SCA) is a new set of rules that changes how consumers confirm their identity when making purchases online to help further protect them from fraud.
All merchants, including their acquirers and/or gateways, must be ready to support SCA to avoid declined transactions and adverse impacts on your businesses.
SCA is required for all non-exempt transactions across the EU from 31 December 2020, and will apply increasingly in the UK in 2021.
The Programme Management Office (PMO) for Strong Customer Authentication (SCA) have published a comprehensive new SCA Guidance Document (log-in to download).
All players in e-commerce are encouraged to review this guidance which replaces an earlier version published in October. The document includes new information on transaction risk analysis (TRA) exemptions and Low Value Remote Payments.
The Guidance seeks to provide a uniform and consistent approach to be applied to SCA across the payments industry. Whilst not legally binding, the guidance provides a welcome layer of granularity for the industry. The guidance is not sector specific, but seeks to provide clarity and guidance on the most common issues which have arisen.
The SCA Programme Management Office expects to update this guidance to include additional sections, for example dealing in detail with GDPR considerations of behavioural biometrics, as discussion on these topics concludes.
JANUARY 2021 UPDATE: The PMO have now published a communication on Authentication Methods and Vulnerable Customers which can be accessed here.
Also available here is an FAQ document for issuers (log-in to download) which may include information that members find useful on issuer plans for SCA implementation and ramp up.
SCA implementation is now required by the revised date of 14 September 2021, however retailers that have not already begun to prepare and have not discussed SCA with their gateway or card acquirer should do so immediately.