FAQ: PSD2 and Strong Customer Authentication

Includes the latest information on the UK SCA implementation plan

PSD2 is a revision and a replacement of the first Payment Services Directive, regulating all payment services across the European Union (EU), the European Economic Area (EEA) and the United Kingdom. It became effective in January 2018 aiming to create a more open, competitive payments landscape across Europe. The revised directive introduced Strong Customer Authentication (SCA) – a set of new requirements for authenticating online payments expected to become mandatory at the end of 2020 across the EEA region and in September 2021 in the United Kingdom.

By when do I have to get my checkout ready for SCA?

The UK SCA Industry Implementation Plan providing detailed timelines on the roll out of Strong Customer Authentication in the United Kingdom was recently published. According to the plan, a five months long market readiness phase will start on January 1. During this period e-merchants and issuers are expected to complete their SCA implementations. Starting June 1 issuers will start to randomly check if e-commerce transactions are SCA compliant and will soft-decline those that are not. On September 14, 2021 SCA will be fully enforced in the UK.

Given the implementation timeline above, UK based e-commerce merchants should ensure that all enabled payment methods can handle the new requirements on time to avoid loss of business. Merchants delaying SCA readiness beyond May 2021 may see transaction declines.

It is also important to note that the card-issuing bank or payment service provider will determine if a transaction requires verification. UK businesses receiving payments from cards issued in an EEA country, where SCA will be enforced by the end of this year, may therefore need to prepare for an enforcement deadline of December 31, 2020.

What does SCA mean for me and my online shop?

Presenting an authentication challenge in your checkout experience equates to an extra step in the flow which could lead to friction and may increase cart abandonment. Making the authentication process efficient is therefore key to keeping your abandonment rates low.

How does SCA work exactly?

SCA will apply to customer-initiated, online card payments where both, the business and the card holder’s bank are located in the EEA region or the United Kingdom. This means that it will impact all businesses accepting payments online in the EU and the UK.

SCA will require payments to be verified by the customer during checkout using at least two of three possible methods:

  • Something the customer knows - such as a password
  • Something the customer possesses - such as a token or a mobile phone
  • Something the customer is or that is unique to a specific person - such as a fingerprint

The most commonly used mechanism for card payments is 3DSecure. Customers know 3DSecure under the name of “Verified by Visa” or “Mastercard Identity Check”.

Are there exemptions from SCA?

In addition to other exemption types, specific exemptions exist for certain transactions deemed as low risk if they meet certain conditions. Applying exemptions appropriately during checkout will allow card issuers to make accurate decisions whether an SCA challenge is required or not. Making your verification process efficient will help you to smoothen your checkout experience and retain high conversion rates.

Amazon Pay’s integral checkout solution has been adapted to facilitate SCA authentication.. It automatically applies all applicable exceptions for each type of business and transaction.

What is the advantage of using Amazon Pay?

  • Amazon Pay is part of Amazon, which, as an e-commerce business like you, is also affected by the upcoming authentication requirements. Together with the rest of the business we have worked intensively on developing technology that facilitates SCA whilst providing a frictionless user experience.
  • Over the past year, Amazon has worked closely with members of the EU payments industry to gather insights into payment industry’s approach to SCA, and we’ve built the latest version of Amazon Pay with these insights in mind.
  • If your customers are unwilling or unable to validate their card transactions the Amazon Pay account may offer them alternative methods of payment to still complete the purchase with so you do not lose out on business.

I have already implemented Amazon Pay. How can I upgrade my integration to a version that supports SCA?

We have added SCA capabilities to many of the existing plugins that offer Amazon Pay. Simply visit the PSD2/SCA upgrade page on our website to find step-by-step guides on how you can upgrade your respective solution.