Strong Customer Authentication (SCA) is part of the second Payment Services Directive (PSD2). It's a requirement aimed at reducing fraud and providing more security for online payments.
When is SCA required?
For online card payments, SCA requirements apply to transactions where both you and the cardholder’s bank are located in the European Economic Area (EEA).
When you or your customer fill out a credit card form, the cardholder’s bank will determine whether additional authentication is required.
What does the payment flow look like?
Regardless of how the payment is initiated (e.g. from the checkout of your online store, a payment request, or when charging a (saved) card from within Booqable), your customer needs to be on a Booqable page in order to authenticate (this is sometimes called on-session).
From the checkout of your online store or a payment request:
The simplest payment flow is when your customer makes a payment from the checkout of your online store or pays a payment request.
Your customer is currently in the payment flow (on-session). When additional authentication is required after filling out the credit card form, your customer is presented with a page where they need to go through the authentication process to complete the payment.
Off-session payment flow:
The payment flow is a bit different when you’re charging a customer who is not currently in a payment flow (this is sometimes called off-session). For example, when you charge a (saved) credit card from within Booqable.
When authentication is required, you’re presented with a link to a page where your customer can authenticate:
- If you have your customer’s email address, you can send the link through email (there's a customizable email template named “Payment SCA Authentication” in your Booqable account).
- If you don’t have your customer’s email address, you can also provide them with the link through other means. For example, you can send the link through a text message, or let walk-in customers authenticate while in your store.
Until your customer has authenticated and approved the payment, it will show up in Booqable as “SCA pending”.
What does the authentication process look like for my customers?
How the authentication process looks varies between different banks, and the requirements for authentication may also vary from one bank to another.
In any case, to process the payment your customer needs to provide at least two of the following types of identifiers:
- Something your customer knows, like a password or PIN.
- Something your customer has, like a hardware token or a mobile device.
- Something unique to your customer, like a fingerprint, face or voice recognition.