Strong Customer Authentication: what your business needs to know


Does your business sell online? New regulations coming into force mean customers will need to take extra steps to confirm their identity during online transactions.

From 14 March, customers using a credit and debit card to buy online may need to give two forms of identification to their bank under new Strong Customer Authentication (SCA) rules. Find out what this means for your small business.

What is Strong Customer Authentication?

Strong Customer Authentication is new regulation for online transactions under the EU’s Payment Services Directive (PSD2).

It applies to transactions in the European Economic Area (EEA) and the UK and is designed to check your customers are who they say they are.

These extra security checks were due to come in a year ago, but roll-out was delayed to give businesses more time to prepare.

Ultimately these checks are to support businesses and consumers with the rising threat of fraud and cyber crime. But you could also see a rise in customer transactions getting declined as it adds an extra layer of complexity to their online shopping experience.

What do the new rules apply to?

If you’re an ecommerce business or online shop then you’ll be used to taking online payments or saving customer card details.

Specifically, the new security checks apply to:

  • high-value transactions
  • unusual buying behaviour (if the bank notices spending outside the user’s usual habits)
  • using a different device
  • multiple low-value transactions

When don’t the SCA rules apply?

Lower value transactions – EU rules say transactions below €30 (£25) should continue in the way your customers are used to and won’t need these extra checks.

Direct Debit transactions – these are considered as authorised by the merchant and taken with pre-approved consent from the payer, so won’t be affected by SCA rules.

Certain secure corporate payments – for example payments through controlled corporate travel management systems.

What about face-to-face payments?

Make sure your card payment machine is using the latest software and compliant with the new rules.

These machines are designed to follow industry regulations, and Chip and PIN already provides the layer of security needed for SCA. However, it’s a good idea to check with your bank or provider that your system is up to date so you don’t run into any issues.

What forms of identification might be needed?

A customer may be prompted to show additional identification for their bank to approve online transactions, for example through:

  • a password or PIN
  • entering a one-time passcode sent by text to their mobile device or landline
  • fingerprint ID or voice recognition
  • logging into their banking app

What do I need to do?

It’s important to be ready for the new rules as any issues could result in customer transactions getting declined. Here are a few things you can do to help your business prepare:

Contact your business bank or company that provides checkout services on your website – they should be able to automatically apply the SCA changes, and flag any transactions that the rules won’t apply to.

Make the journey as smooth as possible for your customers – your bank may also be able to help identify certain payments that may not need SCA.

Use the latest version of 3DSecure – 3DSecure authorises card transactions for online transactions (although there are alternative solutions available). Make sure your integration with your site is using the latest version (3DSecure v2) as this is compliant with SCA rules and is compatible with mobile devices.

Businesses that don’t comply with the new rules by 14 March may be monitored by the FCA.

Still have questions about the roll-out and what it means for your business? UK Finance has more information on SCA for merchants.

Is your business ready for the new SCA rules? Let us know your experience in the comments.

Ready to set up your cover?

As one of the UK’s biggest business insurance providers, we specialise in public liability insurance and protect more trades than anybody else. Why not take a look now and build a quick, tailored quote?

Maksym Povozniuk/

Catriona Smith

Catriona Smith is a content and marketing professional with 12 years’ experience across the financial services, higher education, and insurance sectors. She’s also a trained NCTJ Gold Standard journalist. As a Senior Copywriter at Simply Business, Catriona has in-depth knowledge of small business concerns and specialises in tax, marketing, and business operations. Catriona lives in the seaside city of Brighton where she’s also a freelance yoga teacher.

This block is configured using JavaScript. A preview is not available in the editor.