What is SCA?

Strong Customer Authentication (SCA), is a key segment of the European Union PSD2 regulation. The Directive intends to enhance the level of security and reduce fraud for online payments. In practise this means that Merchants and Cardholders will now be required to utilise online transaction security protocols, such as 3D Secure (and Dankort Secured by Nets in Denmark).

You can read more here: DanishNorwegian or Swedish.

If you would like to a full list of frequently asked questions (FAQs), please see here: FAQs

 

What is required from Merchants?

Merchants and Retailers have two clear tasks to prepare for SCA:

  1. Activate 3D Secure on your payments
  2. Review your subscription payments to ensure they are setup correctly
Note: Any version of 3D Secure is compliant with SCA requirements. We will publish information on the update from 3D Secure version 1 to version 2 (EMV 3DS) soon.

 

What are the risks of not being ready?

If a transaction is not strongly authenticated by 3D Secure, then there is a high likelihood that the Cardholder’s Bank/Issuer will reject the transaction and require 3D Secure to be applied before sending the transaction back for Authorisation.

 

What is the deadline?

The regulatory deadline for SCA implementation for online payments was 31st December 2020. It is now a legal requirement to ensure your payments are SCA-compliant.

 

How to know which transactions require SCA or not?

All the use cases where SCA is required are what we call Cardholder Initiated Transactions (CITs); SCA is always required when the Consumer initiates the payment.

 

Technical specifications on how to process these for each platform:

DT platformD2 platform

If you are a customer on our Easy platform, you do not need to take any actions. 
 
In doubt about which platform you are on? Check it below:

 

FAQs

Is SCA required for all Card brands?

Yes, SCA is required for Visa, MasterCard, American Express. 

AND it is also required for Dankort payments in Denmark. Dankort uses an SCA protocol called “Dankort Secured by Nets”.

 

How to activate 3D Secure?

We’re happy to say it is one simple step.

Please contact Nets eCommerce Support team to activate 3D Secure on the following emails:

Please ensure the email contains the following information:

  • Merchant ID
  • Acquirer name
  • Card Acceptance Agreement number

If you are on the EASY platform, you are automatically setup! No actions required from you! 

 

Are SCA exemptions supported?

SCA exemptions are controlled by Acquirers. Merchants must first speak to their Acquirer (who you have a Card Payment Acceptance agreement with) in order to get clarity and permission for the use of SCA exemptions.

The Low Value Payment exemption is supported by the EASY platform. You can reach out to us to understand your options with this exemption, information will be published on the EASY techsite soon too.

 

Is SCA required for Subscription/Recurring Payments?

Firstly, under SCA definitions, a Subscription payment is called a Merchant Initiated Transaction (MIT). This is because the transaction is initiated by Merchants after they have made an agreement with the Consumer for a set of Products and Services. 

If the payment is not based on an agreement with the Consumer, like a Subscription for TV/Music, then it is a “One-off Payment”, where SCA is always required.

For MIT payments, SCA is required when the agreement is set-up, i.e. when the agreement is confirmed by the consumer in-session. (Jens is confirming that he would like to sign-up to monthly TV streaming service with Netflix, on the Netflix website – in January 2020)

All the subsequent MIT payments once the agreement has been setup, is not required to have SCA applied. (Netflix charges Jens’ Stored Card in February 2020 and every month until Jens cancels his subscription)

 

What if my Recurring agreement is charged at irregular intervals?

There are two types of Merchant Initiated Transaction (MIT), Recurring and “Unscheduled Card on File (UCOF)”. UCOF type MITs are designed for Agreements with Consumers that are based on usage, a payment is triggered when a customer uses a pre-agreed service but is not in-session to carry out the authentication.

For example, a mobile phone agreement where a customer exceeds their mobile data allowance, at which point a pre-agreed cost for extra mobile data is charged to their Card, as a UCOF MIT.

 

What happens if the monthly recurring amount changes?

Under MIT rules, the monthly price can increase or decrease, with no new requirement for SCA. Merchants must however, comply with Consumer laws to ensure their Customers are informed of price changes appropriately.

For example, a Customer may use more minutes or SMS messages in one month and therefore their monthly bill changes from 50 Euros to 70 Euros. This is still within the rules of MITs.

 

What happens to subscriptions that have been setup before the SCA rules came into force?

It has generally been a common rule for Acquirers, that all Subscriptions must be confirmed with Strong Customer Authentication. Subscriptions setup before the 14th September 2019, benefit from the “grandfathering” principle, meaning that SCA is assumed to have been completed and a new SCA is not required.

 

Is SCA required for Stored Cards?

Well, it depends: 

  • If the payment on a stored card is based on an already agreed subscription service with the Consumer, i.e. a second MIT payment, then SCA is NOT required
  • If the payment is for a normal one-off purchase, then SCA is always required for these payments, it does not matter if the Card details are stored.

If you would like to a full list of frequently asked questions (FAQs), please see here: FAQs

Got a lot of questions - or perhaps just one?
Follow us
Nets Danmark A/S
Kungsgatan 32
111 35 Stockholm
Telefon: +46 (0)8-527 525 00