SCA: What is it and conditions to apply it

by
The European law to avoid online fraud was implemented a year ago, forcing the implementation of user authentication factors in certain cases. In this post, we explain when it is mandatory to apply these factors and when not.

The technological advance that the Internet brought about in the beginning has been growing exponentially to this day, helping to improve and facilitate people’s daily lives. But there have also been people who have used it maliciously and new forms of fraud have been devised, such as identity theft or theft of funds.

The European directive PSD2, which we will discuss below, was developed to give greater protection to the user, forcing the implementation of the SCA. In this article, we will tell you more about the SCA.

1. What is the SCA?

 

SCA means “Strong Customer Authentication” by its acronym. It came up with the PSD2 law, which requires the use of this tool in all online payments to avoid online fraud.

The SCA mainly consists in asking for two ways of authentication before being able to make an online payment. There must be two authentication factors out of these three:

  • Something that the client knows: It can be a pin or password.
  • Something that the client has: It can be their mobile phone or their credit card.
  • Something that the client is: It can be a fingerprint or any other biological feature measurable by a smartphone, such as the face through facial recognition.

2. SCA conditions

 

The authentication factors mentioned above will be requested if an online purchase is made on a European website. Because the PSD2 law ensures the safety of the user, it must make it impossible for anyone to know any other factor if the one entered is wrong. For this, there are four conditions:

  • If a mistake is made when entering the code, the wrong factor will not be indicated.
  • The maximum number of errors is five before temporary or permanent blocking.
  • If the user is inactive for five minutes, they will be asked again to use SCA factors.
  • The data must be safe from the interference of third parties to avoid data capture.

 

3. SCA exemptions

 

Payment service providers may not apply the SCA in the specific cases listed below:

  • Contactless POS: In contactless card payment terminals, the cardholder can “swipe” the card up to five consecutive times if the total value of the purchases does not exceed the total of 150 euros or if any of them individually does not exceed 50 euros. If it is exceeded, the user will be asked for their PIN in the most common of cases.
  • Electronic payments: Up to five consecutive operations if the total amount does not exceed 100 euros or if no individual operation exceeds 30 euros. As in the previous case, if this limit is exceeded, you will be asked for authentication again.
  • Automatic POS for transport and parking.
  • In transfers from the same person or company in the same bank.
  • When the beneficiary is on the payer’s trusted beneficiaries list.
  • When the same payer makes recurring operations towards the same beneficiary and these are always the same amount.
  • Electronic payments only accessible to legal entities with special protocols.

STEL Order

The editorial team of STEL Order is formed by professionals with experience in the different fields of management and invoicing of companies and freelancers. Contents edited, revised and updated by professionals. If you wish to suggest any changes to the articles, you can do so by sending an e-mail to the following address: marketing+redaccion@stelorder.com.

Linkedin profile

Post published on: 2 de March de 2021
Post modified on: 24 de October de 2023

Last articles

What is an ERP: Definition, types, advantages and disadvantages

Predictive maintenance: What is it and steps to do it correctly?

Credit Invoice: What is it and how to make it correctly?

How to make an invoice: Mandatory data, who can issue and deadlines for retention

years with you

Try for FREE the ERP management software that your company needs, with all the help you need.

Try it for FREE

STEL Order

Useful readings

Copyright © 2000-2024 STEL Solutions S.L.