
Strong customer authentication (SCA)

The customer authentications offered by the payment service provider (card issuer, etc.) are available in edoobox for all payment systems. Settings for this must be made directly with the payment service provider in the corresponding account.

The EU Payment Services Directive PSD2 (Payment Services Directive 2)

Strong Customer Authentication (SCA) is a requirement of the EU Payment Services Directive 2 (PSD2, Directive (EU) 2015/2366) that came into force on September 14, 2019. It changed how online payments by your European customers are authenticated.

Previously: 2 steps

Card payments are traditionally made in two steps: authorization and capture. A payment is authorized when the customer's bank or the card issuer approves a payment; the payment is captured when the card is debited.

Now: 3 steps

With the SCA, an additional and mandatory step became necessary before authorization and capture: authentication. This step serves to protect customers by preventing fraud. To authenticate a payment, customers respond to a request from the bank and provide additional information. This additional information is one of the following three options:

  • Information that only the user knows, e.g. a password

  • Information that only the user possesses, e.g. a cell phone

  • Information that is unique to the user, e.g. a fingerprint

Your account settings with the payment service provider

It is important to differentiate when exactly the SCA is necessary and when it is not. This is because SCA is not mandatory for every online transaction. For example, there are exceptions for recurring purchases and payments under 30 euros. We therefore recommend that you check with your payment service provider to find out in which situations you will be asked for stronger authentication.

Note: Influence of the payment service provider

Your verification settings can be tightened by the payment service provider according to its own criteria; neither edoobox nor you can influence this.

Criteria that require SCA (strong customer authentication)

If the following statements apply to you, you should look into strong customer authentication:

  • Your company is based in the European Economic Area (EEA) or you create payments for linked accounts within the EEA

  • You have customers in the EEA

  • You accept credit and/or debit cards

Note: Influence of the bank

While authentication is not required for some low-risk transactions (based on volume, fraud rate associated with the payment provider or bank), banks do not have to approve these exceptions and may still require customer authentication.

Recommended for countries outside the EEA, but not mandatory

The EU's PSD2 regulation does not apply to transactions within Switzerland, but it does apply to Swiss companies that have payment transactions with the EEA.

Keywords for these instructions

PSD2 ¦ SCA
