What you need to know about Strong Customer Authentication (SCA)
Last updated on December 23, 2020
Strong Customer Authentication (SCA) is a new European requirement to make online and in-person payments more secure in the European Economic Area (EEA).
Currently, when paying online, customers need to enter their card number, expiry, CVV, and postal code to make a payment. When SCA enforcement begins, customers will be required to complete two of the three factors of authentication when initiating a payment: something you know, something you own, something you are. For online card payments, the SCA requirements are met by implementing 3D-Secure. For in-store payments, SCA requirements are met through use of chip & PIN or mobile wallets. Payments without this additional authentication will be declined by the cardholder’s bank. Payments initiated by sellers, such as recurring transactions or mail-order/telephone order (MOTO), do not require SCA.
We advise all Square developers and partners operating in the EEA, including the UK, to take appropriate steps to be ready for SCA enforcement starting January 1, 2021, to avoid an increase in declined payments for European cardholders.
In the UK, banks are expected to start asking their cardholders to complete SCA starting June 1, 2021, with full enforcement of the SCA requirements by September 14, 2021. Across the rest of the EEA, banks will start ramping up SCA enforcement on January 1, 2021, with a staggered ramp-up through 2021.
Sellers using Square’s standard products such as Square Online and Invoices do not need to make any changes as the products have been updated to meet SCA requirements. For example, Square will invoke 3D-Secure for online card payments or flag transactions as exempt (e.g. merchant-initiated).
Developers and partners that use Square’s developer products such as Square Payment Form and the Connect V2 APIs must ensure their applications are SCA-compliant to minimize the impact of declined payments.
Here is a step-by-step overview of the changes you need to make so that your application is SCA-compliant:
We recommend that developers update their integrations as soon as possible to ensure smooth payment acceptance once SCA goes into enforcement. You can make these updates today in both your sandbox and production environments, and your application will be SCA-compliant when the SCA changes begin rolling out industry-wide on January 1, 2021. You can read more about these changes in our documentation.