PSD2 SCA – Fidelity Payment

New requirements for authenticating online payments in Europe will be introduced on 14th September 2019 as part of the second Payment Services Directive (PSD2).

What is PSD2?

The second Payment Services Directive (PSD2) is an EU regulation, which affects banking and ecommerce. It aims to create clarification and more customer trust. It will permit customers to accept third-party providers to manage their funds, analyse expenditure, make Peer-to-Peer (P2P) transfers and much more, through their existing bank account.

Who does PSD2 apply to?

PSD2 applies to organisations who have an acquirer or Payment Services Provider processing their payments within the EU or EEA.

So, what is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is a new European regulatory requirement aiming to increase fraud prevention and heighten security for online payments. An additional authentication into your checkout flow will need to be created once SCA is implemented.

Two of the following three types of authentication are required for SCA.

1) Something the customer knows (e.g. password or pin)
2) Something the customer has (e.g. phone or hardware token)
3) Something this customer is (e.g. fingerprint or face recognition)

Once the rule is established, banks will decline payments that need SCA if they do not match the standards above.

Now that we understand what SCA is, when is it required?

SCA will be applicable to any “customer-initiated” online payments in Europe. Therefore, most card transactions and all bank transfers will need SCA. In the case of recurrent direct debits, as it is considered “merchant-initiated”, they will not require SCA.

How will this affect you?

This regulation will affect you in the following ways:

1) You will have to update your checkout process
2) You may have to update your gateway integration
3) You will have to inform your customers about the change in user experience

What are the exemptions to SCA?

Variations of low-risk payments may be relieved from having to meet SCA requirements. Fidelity will help businesses to build authentication into their checkout flow by introducing an extra part that will reduce friction and client drop-off.





Amount of transaction does not exceed €50 AND cumulative value of all subsequent transactions does not exceed €150 OR 5 consecutive transactions

  • Counter at Issuing host
  • Will likely opt for Value counter @ €150
  • Terminals need to read soft decline and request PIN or full decline & require Chip & PIN transaction

Unattended Terminals

Payment is for the purpose of paying a transport fare or a parking fee

  • Must be correctly/easily identifiable as UAT — Transport/Parking

Trusted Beneficiary

Cardholder has designated merchant as a Trusted Beneficiary

  • Plan to leverage Visa Trusted Seller solution – 3D Secure 2.2 is a pre-requisite

Recurring Transactions
(same amount, same payee)

SCA is provided at the first transaction in the series, all subsequent transactions can be exempted

  • Must be correctly tagged as RT — if data not reliable will decline
  • Must be able to trace back to initial SCA (Transaction ID)

Low Value Transactions

Amount of transaction does not exceed €30 AND cumulative value of subsequent transactions since SCA does not exceed €100 OR 5

  • Counter at Issuing host
  • Will likely opt for value counter
  • Contactless/UAT/RT could unnecessarily utilise this counter if not flagged correctly

Secure Corporate Payments

No amount threshold applies, limited circumstance e.g. virtual cards, lodge cards.

  • Not an exemption we can use as does not apply to T&E cards

Transaction Risk Analysis (TRA)

Subject to Issuer/Acquirer Fraud Reference Rate (FFR):

  • Under €100 = 13bps, €101-€250 = 6bps; €251-€500 = lbps; €500+ = SCA
  • Intend to use Issuer TRA where possible subject to FRR — 3D Secure is a pre-requisite
  • If Acquirer TRA flag provided will likely accept subject to FRR calculation

How will Fidelity help you prepare for SCA?

In order to help you prepare for SCA, we are working with all of our PSPs (Payment Gateways) to ensure that they have updated their integrations in line with the requirements. We will also be contacting all of our affected merchants to ensure that everyone’s transactions will continue to be approved after September 14th, when the regulation comes into effect.

If you have any questions regarding PSD2 SCA, please feel free to get in touch:
T 0345 481 2178


Leave A Comment