Simply Business homepage
  • Business insurance

    Business insurance covers

  • Support
  • Claims
  • Sign In
Call Us0333 0146 683
Our opening hours
Knowledge Centre

Strong Customer Authentication: what your business needs to know

2-minute read

Catriona Smith

11 March 2022

Share on FacebookShare on TwitterShare on LinkedIn

Does your business sell online? New regulations coming into force mean customers will need to take extra steps to confirm their identity during online transactions.

From 14 March, customers using a credit and debit card to buy online may need to give two forms of identification to their bank under new Strong Customer Authentication (SCA) rules. Find out what this means for your small business.

What is Strong Customer Authentication?

Strong Customer Authentication is new regulation for online transactions under the EU’s Payment Services Directive (PSD2).

It applies to transactions in the European Economic Area (EEA) and the UK and is designed to check your customers are who they say they are.

These extra security checks were due to come in a year ago, but roll-out was delayed to give businesses more time to prepare.

Ultimately these checks are to support businesses and consumers with the rising threat of fraud and cyber crime. But you could also see a rise in customer transactions getting declined as it adds an extra layer of complexity to their online shopping experience.

What do the new rules apply to?

If you’re an ecommerce business or online shop then you’ll be used to taking online payments or saving customer card details.

Specifically, the new security checks apply to:

  • high-value transactions
  • unusual buying behaviour (if the bank notices spending outside the user’s usual habits)
  • using a different device
  • multiple low-value transactions

When don’t the SCA rules apply?

Lower value transactionsEU rules say transactions below €30 (£25) should continue in the way your customers are used to and won’t need these extra checks.

Direct Debit transactions – these are considered as authorised by the merchant and taken with pre-approved consent from the payer, so won’t be affected by SCA rules.

Certain secure corporate payments – for example payments through controlled corporate travel management systems.

What about face-to-face payments?

Make sure your card payment machine is using the latest software and compliant with the new rules.

These machines are designed to follow industry regulations, and Chip and PIN already provides the layer of security needed for SCA. However, it’s a good idea to check with your bank or provider that your system is up to date so you don’t run into any issues.

What forms of identification might be needed?

A customer may be prompted to show additional identification for their bank to approve online transactions, for example through:

  • a password or PIN
  • entering a one-time passcode sent by text to their mobile device or landline
  • fingerprint ID or voice recognition
  • logging into their banking app

What do I need to do?

It’s important to be ready for the new rules as any issues could result in customer transactions getting declined. Here are a few things you can do to help your business prepare:

Contact your business bank or company that provides checkout services on your website – they should be able to automatically apply the SCA changes, and flag any transactions that the rules won’t apply to.

Make the journey as smooth as possible for your customers – your bank may also be able to help identify certain payments that may not need SCA.

Use the latest version of 3DSecure – 3DSecure authorises card transactions for online transactions (although there are alternative solutions available). Make sure your integration with your site is using the latest version (3DSecure v2) as this is compliant with SCA rules and is compatible with mobile devices.

Businesses that don’t comply with the new rules by 14 March may be monitored by the FCA.

Still have questions about the roll-out and what it means for your business? UK Finance has more information on SCA for merchants.

Is your business ready for the new SCA rules? Let us know your experience in the comments.

Ready to set up your cover?

As one of the UK's biggest business insurance providers, we specialise in public liability insurance and protect more trades than anybody else. Why not take a look now and build a quick, tailored quote?

Start your quote
Maksym Povozniuk/

We create this content for general information purposes and it should not be taken as advice. Always take professional advice. Read our full disclaimer

Find this article useful? Spread the word.

Share on Facebook
Share on Twitter
Share on LinkedIn

Keep up to date with Simply Business. Subscribe to our monthly newsletter and follow us on social media.

Subscribe to our newsletter


Popular articlesBusiness resources from FarillioGeneral businessGuestInsuranceLandlordLandlord resources from FarillioLegal and financeMarketingNewsOpinionProperty maintenanceTradesmanCovid-19 business support hub


Public liability insuranceBusiness insuranceLandlord insuranceTradesman insuranceCharity insuranceNot for profit insuranceRestaurant insuranceCommercial van insuranceInsurers


About usOur teamAwardsPress releasesPartners & affiliatesOur charitable workModern Slavery ActSocial mediaSite map

Customer support

Contact & supportPolicy renewalMake a claimProof of policyComplaintsAccessibility


6th Floor99 Gresham StreetLondonEC2V 7NG

Sol House29 St Katherine's StreetNorthamptonNN1 2QZ


Careers at Simply BusinessTech careersCurrent opportunities


BenefitsRefer a friendFinance


Terms & conditionsPrivacy policyCookie policyVuln Disclosure policy


Knowledge centreOpinionsMicrosites

© Copyright 2022 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.