Strong Customer Authentication(PSD2)

What you need to know about SCA in one minute

On September 14, 2019, a new requirement for all online payments is being introduced in the EU, stating that all transactions (with certain exceptions) should be verified by the consumer. The change is part of an initiative to harmonize European payments and ensure consumers are protected. This requirement is known as SCA - Strong Customer Authentication – and is part of the EU regulation called PSD2 (Payment Service Directive 2). Read more about what the new requirements mean for web shops and consumers in our FAQs below - or press the following links for an elaboration in either DanishNorwegian or Swedish.

 

  The Danish Financial Supervisory Authority (FSA) has announced a transition period of 18 months for the implementation of SCA making the 14th September the target date for the rules to apply, but will not yet be enforced. However, we recommend that all merchants continue to work towards implementing measures to become SCA compliance.

What does strong customer authentication mean for E-commerce?

An electronic transaction will be defined as having gone through Strong Customer Authentication if at least two of the following three factors have been provided by the consumer:

 

How to evaluate whether my transactions need SCA or not?

 


 

In order to know what transactions are required to go through SCA or not, you need to identify if your transactions are initiated by the cardholder (consumer) or the merchant.
 
Cardholder-initiated transaction
A cardholder-initiated transaction (CIT) is when the cardholder or consumer plays an active role in the initiation of the transaction. This includes all one-off transactions where the cardholder is actively selecting products or services on your website and proceeding to the checkout.
If you are offering your customers to save their card, DIBS will of course ensure that this is supported, and will add SCA where needed. Please see above table where 1-3, 4A and 5A are CIT scenarios.

 

Merchant-initiated transaction
A merchant-initiated transaction (MIT) refers to transactions where the cardholder plays no active role, commonly referred to as recurring or card-on-file payments. There must be an agreement in place between the merchant and consumer regarding how much should be charged, for what product or service and when. MIT transactions can be charged on a regular or irregular basis. The MIT transaction is then initiated by the merchant based on the agreement, see scenario 4B and 5B. The initial transaction and agreement must always be “signed” with SCA - Scenario 4A and 5A.

 

How to ensure Strong Customer Authentication on all my transactions?

In order to ensure Strong Customer Authentication on all of your transactions, you need to activate and send transactions through the SCA protocol that is attached to Card schemes that consumers pay with today (e.g. Visa and Mastercard). For Visa and Mastercard the SCA protocol is called 3D Secure, which you may already be familiar with. In the 3D Secure process, the consumer is often requested to perform an action to confirm that they are making the transaction. This action is the SCA element in the payment process, for example, a consumer may be asked to enter a password that is sent to their phone.
If you are a customer of DIBS and wish to read a technical guide on how to enable this for your webshop, click on the platform that you are on:

 

DT platformD2 platform

If you are a customer on our Easy platform, you do not need to take any actions. 
 
In doubt about which platform you are on? Check it below:

 

Got a lot of questions - or perhaps just one?
Follow us
Nets Danmark A/S
Kungsgatan 32
111 35 Stockholm
Telefon: +46 (0)8-527 525 00