Strong Customer Authentication, often shortened to SCA is part of new legislation being brought in by the EU that will change how you pay for things online.
Let me start off by describing what SCA is and why it is good for online shopping.
When you buy something on Amazon, for example, after you have entered your payment information into Amazon, they will direct you to the website of your bank. The page will ask you for two different ways to verify that it's actually you making the payment.
There are a few ways they could ask you to verify yourself:
- One time password through SMS or email
- One time code from a banking app
- A password
- Facial or voice recognition
Once you've verified it's you, you'll then go back to the merchant's site, in our example Amazon, and they will confirm the payment.
Myself, I think SCA is a very good idea and that it's something that's been needed to happen for a while but I think the implementation of it could be improved for a better user experience.
One of the issues with SCA though is with subscriptions and recurring online charges. If say you subscribe to Netflix, you'll initially be asked for verification that it's you. But also, your bank at any time can decide to refuse the subscription and request that you go back to the merchant, Netflix in the example, and go through the entire payment process again. It's not a very nice thing for you as the subscriber to have to do and it's out of the merchants control.
If you're running a business which takes online payments, I'd check with your payment provider, whether that be Stripe, PayPal, Braintree etc to check if you have everything required in place to make sure SCA doesn't hurt your business.
Now, the European Union have set the 14th of September as the due date for SCA compatibility for merchants, banks and card issuers. However, the UK have recently pushed back the SCA due date to March 2021.