Strong customer authentication or SCA is a requirement of the EU’s Revised Directive on Payment Services or PSD2. The requirement requires that payments use multi-factor authentication as a means of reducing fraud. SCA became law on September 14, and its impact is already being realized. In the UK, where contactless transactions are a part of everyday life, some consumers’ transactions are paused and a prompt at the point of sale requires the buyer to input their PIN. This certainly helps to keep fraud in check, but at the expense of a speedy tap-and-go experience. More on how this is playing out in the UK as reported on Echo:
The Strong Customer Authentication (SCA) law came into force on September 14 and means that one in every five contactless card transactions — whether debit or credit — will be blocked, requiring the card owner to enter their PIN.
A contactless payment will also be blocked when the number of payments add up to more than €100 — even if it isn’t your fifth contactless payment in a row.
This is a form of two-factor authentication, like the touch ID on your phone when making card payments.
The idea is that even if someone steals your card, it’s still highly unlikely that they’ll know your PIN.
If you make your card payment through Apple or Google Pay, you won’t have to re-enter your PIN for every one-in-five contactless transactions that would ordinarily be blocked, as there is already a high level of security involved in these payment methods.
If you use your card to pay for public transport, SCA also won’t apply.
Those hoping for a better experience once Britain leaves the EU will be disappointed. SCA will live on beyond Brexit.
Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group