Strong Customer Authentication (SCA) is a security requirement for authenticating online payments in the European Economic Area (EEA). It is part of the second Payment Services Directive (PSD2). SCA requires that customers authenticate themselves with at least two of the following three factors: Knowledge (something they know, like a password or PIN), Possession (something they have, like their phone or a hardware token), and Inherence (something they are, like a fingerprint or face scan).
Frequently Asked questions (FAQs)
- Does SCA apply to in-person payments?
Yes, but most modern in-person payment methods already meet SCA requirements. For example, a Chip and PIN transaction uses both possession (the card) and knowledge (the PIN). A contactless payment made with a digital wallet like Apple Pay uses possession (the phone) and inherence (fingerprint/face scan). - As a user of Charge for Stripe, do I need to do anything for SCA?
No. The payment methods supported by the app (like contactless and digital wallets) are designed to be SCA-compliant. Stripe and the app handle the technical requirements in the background. - Does SCA apply outside of Europe?
Currently, SCA is a legal requirement only in the European Economic Area. However, the principles of multi-factor authentication are a global best practice for improving payment security.
Related terms: