>   >   > 


CONTACTS


Cashless Solutions


cashless@tasgroup.eu

Strong Customer Authentication (SCA)
Are you compliant?

 

From 14 September 2019, under PSD2, Payment Service Providers (PSPs) operating in Europe are required to apply Strong Customer Authentication (SCA) for e-commerce payment transactions.

 

The SCA deadline has been extended to 31 December 2020 in light of industry concerns about the readiness to apply SCA to e-commerce card transactions. Read more here

 

What is SCA?

SCA requires that at least two out of three different authentication factors are provided, otherwise known as two-factor authentication (2FA). This can be something the customer has in their possession, something they know and something they are.

The elements must be mutually independent, so that the breach of one does not compromise the other(s).

 

SCA Exemption

One drawback to requesting authentication is that this can add friction to the payment process, risking cart abandonment during check-out. To mitigate this friction, PSPs can, in some instances, apply SCA exemption.

There are three primary exemptions from SCA allowed that are relevant to online card payments:

    • Low Value Transactions
    • Merchant Initiated Transactions
    • Low Risk Transactions
SCA exemption graph

Transactions up to a certain € value, dependent on the PSP’s overall fraud rate (see table), up to €500, are exempt from SCA. For transactions below €30, no SCA is required. However SCA will be required if five or more exempt transactions have been performed on the same card or payment method in a 24-hour period, or if these exempted transactions total more than €100.

If PSPs are able to determine that a transaction is Low Risk by using Transaction Risk Analysis (TRA), and their aggregate fraud rate is low, they may request an exemption from SCA, enabling frictionless payments, such as a one-click payment, for a better user experience.

In order to use the TRA exemption, the PSP must have sophisticated fraud monitoring tools that enable it to monitor fraud rates and transaction characteristics across its entire portfolio, on a real-time basis.

How TAS Group can help

TAS Group offers PSD2-compliant solutions to help PSPs manage both SCA and SCA exemptions.


to learn how we can support you with your SCA implementation.

3D Secure 2.0

TAS 3D Secure 2.0, the cardholder authentication solution for safer, faster, frictionless payments, implements the latest EMVCo protocol offering a state-of-the-art ACS solution. This protocol makes use of a wealth of transactional and customer data taking into account up to 100 data items such as amount, device, IP address, MCC, delivery details, and account age, making it possible to make better authentication decisions.

By evaluating this additional information, issuers can calculate the level of risk associated with a transaction and decide whether to trigger further challenges, such as biometric, OTP or other types of authentication request. 3-D Secure 2.0 fully complies with PSD2 on Strong Customer Authentication (SCA) and allows SCA Exemption via an optional Intelligent Fraud module. By applying 3-D Secure based on calculated risk, issuers and acquirers can reduce fraud, deliver a better online payment experience and increase conversions.


Download the overview

Transaction Risk Management with
Fraud Protect

Harnessing the power of machine learning and advanced predictive models, the TAS Transaction Risk Management module (part of the TAS Fraud Management suite), performs risk-scoring, taking advantage of information that is available at or before authentication and during authorization. The use of device information, geo or IP location, behavioural biometrics, and scoring using Artificial Intelligence provide a wealth of opportunities to determine the risk associated with a transaction.

Fraud Protect interacts with the Customer environment in real time, be it a PSP, TPP or Merchant, and uses advanced predictive engines to support Transaction Risk Analysis (TRA). In line with PSD2 and with the technical standards issued by EBA for strong customer authentication (SCA), Fraud Protect also offers functions to maximize the application of the SCA Exemption.


Download the overview