PSD2 and Strong Customer Authentication: Merchant Compliance Guide
Understanding your obligations under PSD2, how SCA affects your checkout, and exemptions that can reduce friction for customers.
PSD2 and Strong Customer Authentication
Strong Customer Authentication (SCA) is a requirement of the EU's revised Payment Services Directive (PSD2), now implemented in UK law.
What Is SCA?
SCA requires that electronic payments be authenticated using at least two of three elements: something the customer knows (password or PIN), something the customer has (phone or card), and something the customer is (fingerprint or face recognition).
Impact on Merchants
Online merchants saw initial increases in checkout friction and decline rates when SCA was introduced. However, modern implementations via 3D Secure 2 have minimised this impact.
Exemptions Available
Transaction risk analysis exemptions apply to low-risk transactions. Low-value exemptions apply to transactions under £30. Trusted beneficiary exemptions allow customers to whitelist merchants.
What You Need to Do
Ensure your payment gateway supports 3D Secure 2. Work with your provider to implement transaction risk analysis. Review your decline rates and optimise exemption usage.