Skip to content
× FreshBooks App Logo
Official App
Free - Google Play
Get it
You're currently on our US site. Select your regional site here:
4 Min. Read

What Is SCA? (Strong Customer Authentication)?

What Is SCA? (Strong Customer Authentication)?

In the modern-day, there is a litany of different ways and methods for a consumer or business to make a payment.

It’s a far-flung cry from the days of cash as king. A recent study has revealed that cash payments represented just 19% of all transactions in the US in 2020.

Nowadays, it’s far more common to see people paying with credit cards and debit cards, or hardware such as smartphones with digital wallets.

But with these new methods, come new ways for people to fraudulently access and use other people’s hard-earned funds.

That’s where SCA comes in.

But what exactly is SCA? We’ll take a closer look.

Here’s What We’ll Cover:

What Is SCA?

Are American Businesses Affected By SCA?

Is SCA a Good Thing?

Will SCA Be Applied to Every Transaction?

Key Takeaways

What Is SCA?

Strong Customer Authentication, or SCA, is a new European regulation that is designed to help prevent online transaction fraud.

It works by forcing banks to require additional user authentication. They will need this information before they can authorize any payments.

The requirements that SCA requires are similar to the popular two-factor authentication method. But SCA’s requirements are more complicated and slightly stricter.

For a bank or service provider to authorize a payment, then a customer must first authenticate the payment. They can do this by using at least two of the three following factors:

  • Something they have (a mobile phone or hardware token)
  • Something they know (such as a debit card PIN number or a password)
  • Something they are (something unique to them such as facial recognition or their fingerprint)

These levels of authentication make it far more difficult for criminals or scammers to commit fraud.

Any bank or service provider that doesn’t receive at least two of the above authentication factors must refuse to process the payment.

Are American Businesses Affected By SCA?

SCA is a European regulation. So all businesses that are based in the European Economic Area (EEA) will need to comply with the rules.

Businesses based in the U.S. that process transactions from cards based in the EEA are not subject to the rules that SCA implements.

Yet, many American banks and businesses are changing their current authentication process.

This is to avoid potential transaction declined from banks in Europe. They also have an eye on minimizing the impact of fraud attempts on their business.

Banks such as J.P. Morgan and Bank of America have already started to use the SCA model and many are expected to follow.

If your business deals with Europe in any capacity, then you shouldn’t ignore the SCA requirements. If you do, you could end up with a large amount of declined transactions and a potential loss of business.

Is SCA a Good Thing?

Many will point to the benefits of SCA outweighing any potential negative factors.

With SCA regulations in place, it will be far more difficult for both consumers and businesses to be subject to scams or fraud. This means that online shopping and transactions will become far safer.

However, some e-Commerce businesses are wary of the potential effects that SCA will have on their businesses.

They believe that SCA will add friction to the customer experience. This, in turn, could lead to higher rates of “cart abandonment” by customers. They think shoppers will get frustrated with the layers of authentication they will be required to go through.

They worry that any savings they may make from the decreased fraudulent activity will be offset by their lower conversion rates.

Will SCA Be Applied to Every Transaction?

Under the current EEA legislation, a payment provider is allowed to do a risk analysis on each transaction to determine whether or not to apply SCA.

This tends to only be possible if the payment provider’s or bank’s fraud rates for card payments do not exceed the following thresholds:

  • 0.13% to exempt transactions below €100
  • 0.06% to exempt transactions below €250
  • 0.01% to exempt transactions below €500

It is possible that any U.S. bank or payment provider could implement a similar system.

Key Takeaways

With SCA looming large in Europe, it is yet to be seen if this will be fully adopted by U.S. banks and businesses.

We live in a world that is heading further and further towards online banking and online transactions. Therefore any form of payment protection should be welcomed.

Though the question to be asked is whether we would prefer security or convenience.

Are you looking for more business advice on everything from starting a new business to new business practices?

Then check out our FreshBooks resource hub.