Make a selection

Strong Customer Authentication (SCA)

Laurel
Laurel
  • Updated

On September 14, 2019, new authentication requirements were introduced for European online payments as part of the second Payments Services Directive (PSD2).

Payments where both the business and the customer's bank are located in the European Economic Area (EEA) need to meet the new Strong Customer Authentication (SCA) requirements.

The deadline imposed by the European Economic Area / UK was March 14, 2022.

For general information, please visit Stripe's article on Strong Customer Authentication.

 


 

Eligibility

SCA must be used for transactions that involve money that's moving between bank accounts located within the European Economic Area.

SCA regulations apply to your business if the following criteria is met:

  1. Your business uses a bank account in the European Economic Area.

    Note: This includes all countries within the European Union plus Norway, Iceland and Liechtenstein.

  2. You sell to customers with bank accounts located in the European Economic Area.

 


 

Customer impact

  • Transactions that customers neglect to authorize will fail and be retried.
  • Some transactions may experience longer processing times as customers need to manually authorize their payments by completing the authorization challenge.

    Note: Transactions that have been authorized will continue to process as expected.

 


 

Setup

Merchants that meet all of the eligibility criteria need to contact their payment gateway (Braintree or PayPal Complete Payments) to ensure that their SCA / 3DS2 is properly configured.

 


 

FAQs

What countries are affected?

  • Austria = AT

  • Belgium = BE

  • Bulgaria = BG

  • Croatia = HR

  • Cyprus = CY

  • Czech Republic = CZ

  • Denmark = DK

  • Estonia = EE

  • Finland = FI

  • France = FR

  • Germany = DE

  • Greece = GR

  • Hungary = HU

  • Iceland = IS

  • Ireland = IE

  • Italy = IT

  • Latvia = LV

  • Liechtenstein = LI

  • Lithuania = LT

  • Luxembourg = LU

  • Malta = MT

  • Netherlands = NL

  • Norway = NO

  • Poland = PL

  • Portugal = PT

  • Romania = RO

  • Slovakia = SK

  • Slovenia = SI

  • Spain = ES

  • Sweden = SE

  • Switzerland = CH *

  • United Kingdom = GB **

* Though the UK may not be a part of the EEA in the future, they intend to implement or follow SCA regulation.

** Although Switzerland is outside of the European Economic Area (EEA), Swiss merchants need to meet SCA requirements because Stripe’s acquiring bank for Swiss merchants is located in the UK.

 

What businesses are affected?

Europe

If you are a European business who is located within the European Economic Area (EEA) and charges customers cards that were issued within the EEA, you are required to comply with SCA.

Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.

UK

Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.

US and Other Countries

Businesses located outside of the European Economic Area (EEA) are considered outside of the scope and should experience minimal impact of SCA.

Transactions processed by businesses outside of the EEA are considered a one-leg transaction and are therefore not subject to SCA rules.

Please visit Businesses affected by Strong Customer Authentication (SCA) regulations for more information.