/*close accordion*/ /*Equal heights blog*/ /*GOOGLE ANALYTICS*/

Strong Customer Authentication (SCA) is now live!


Ottobre 22, 2019

sca strong customer Authentication

Strong Customer Authentication is now live across the EU. All transactions within the EU of value exceeding € 30 need to be authorized via SCA as of 14th September 2019, unless an allowed exemption applies.

PSP have more time to implement SCA

However, on 21st June 2019 the EBA issued an opinion that allowed National Competent Authorities (NCA) of each Member State to provide a transition period in the application of SCA to PSPs that requested an extension to get ready. PSPs need to agree with the relevant NCA a roadmap to expedite implementation of SCA.

Who is liable for any fraud during the transition period?

That is a benefit to PSPs to be able to get ready in a more comprehensive structured manner without incurring a penalty from a NCA, but it should be clearly understood and the liability rules stated in art. 74(2) of the PSD2 fully apply during the transition period, so the relevant PSPs bear the same liability as if the transition period were not provided.

What elements are SCA compliant?

Another important note is related with the elements of SCA that the EBA value as compliant. In particular in the 21st June opinion the EBA indicates that card details printed on a payment card are not a compliant possession element/factor as they are easily used by anyone in the event the card is lost/stolen. We share this opinion; however, this make a burden on issuers as they would need to rely on a different possession element and in a number of instances create a new one, and educate their customers as a consequence.

In our opinion, another reason for doing so is to stimulate non-card payment methods as most payment cards run on non-European schemes and the EU would be happy to stimulate EU-based payments methods, such as instant payments.

SMS OTP not secure

A second comment is the use of OTP sent via sms, which the EBA values as a compliant SCA possession element. We are surprised with this decision as sms have been violated several times in Europe (see attachment) so sms are a weak element to protect from fraud. We recommend in-app authentication in lieu of sms as the enhanced security promised by SCA may be at risk.

If you want to learn more about Strong Customer Authentication (SCA), contact us or book a call.

The CleverAdvice Team


Check Out These Related Posts

Pianificazione e Crowdtesting un binomio vincente

Pianificazione e Crowdtesting un binomio vincente

Pianificazione e Crowdtesting un binomio vincente che permette di testare il prodotto/servizio prima di proporlo sul mercato. L’importanza dell’interazione con il cliente Negli ultimi anni le aziende hanno dedicato una attenzione crescente a migliorare la Customer...

Investire nella Transizione 4.0 è investire nel futuro

Investire nella Transizione 4.0 è investire nel futuro

Il Contesto Economico Il presidente di Confindustria Carlo Bonomi - intervistato dal Sole24Ore il 19 gennaio - si è espresso in relazione alle stime di crescita del Pil, affermando che il primo semestre sarà difficile mentre il secondo dovrebbe essere caratterizzato...

Mobilità Ciclistica e Benefici per la Società

Mobilità Ciclistica e Benefici per la Società

Mobilità ciclistica e PNRR L’accesso ai fondi del Next Generation EU o PNRR è vincolato al raggiungimento di alcuni obiettivi concordati con l’Unione Europea. Particolare importanza ricoprono gli obiettivi per la sostenibilità ambientale che costituiscono il 37% dei...