Selling & Taking Payments Online: Prepare for upcoming ‘Strong Customer Authentication’ (SCA) regulation before September 14th


This is a new security measure to cut card fraud and is fast approaching.

It is important that you act on this, if you do not it is highly likely that customers will start experiencing problems paying online after September 14th

At present the only information that is required when making an online payment is the credit card number, expiry date and CVV number.  If you are already using 3D secure payments, you may be providing much of this information already, If not you will need to take action.

The new requirements are being introduced to provide greater protection against fraud and are called Strong Customer Authentication or SCA for short. These are part of the Revised Payment Services Directive (PSD2) published in 2018, Strong Customer Authentication (SCA) is intended to make payments more secure, requiring online sellers to implement more stringent methods of ensuring the payments they are taking are genuine.

The system is designed to protect consumers, retailers and card issuers from fraud, but genuine transactions were inevitable collateral damage. Not every retailer used the additional layer of security but new regulations coming in the next few months will require most online payments to be subject to stronger authentication.

The main requirement for business owners

Under SCA, companies will have to verify a customer’s identity by two of the three following elements: something the customer possesses – i.e. the credit card, mobile device or smart card; something only the user knows, such as a password or PIN; and something that the user is, which means biometrics such as a fingerprint or facial scan.

In order to do this a significant amount of additional information is required by payment processors to be able to deal with these new requirements and your website will have to provide this information and make sure that it is in the correct format prior to sending it to the payment processor.

The main requirement for the customer

There will now be an extra step in the checkout process where customers will have to enter codes or use biometric authentication through their banking app to approve the payment.

  1. Payments Over €50 will be Subject to the new regulations.
  2. While smaller payments may not be subject to SCA, if you are taking payments larger payments > €50 the new requirements will apply.

The following must be provided by your customer when trying to make a payment:

  • Customer’s Phone Number
    The customer’s phone number must be provided and must be correct including country code (The user will have to have the ability to receive a text message).
  • Customer’s Eircode
    The customer’s eircode must be provided and correct.
  • Customer’s Billing Address
    The customer’s billing address including country must be provided and correct.

If the above information is not provided and correct it is very likely that payments will start failing authentication and you will start experiencing customer service problems.

Many payment forms collect much of this data already, but some do not validate the format of the data and many currently do not transmit this data to the payment processor.

We would recommend that you get this checked with us to avoid issues on September 14th.


For more information