Strong Customer Authentication | PSD2 SCA Compliance

Introduction to Accertify’s PSD2 SCA Compliance Solution

Shane Spears

Nov 2, 2020

Payments Services Directive (PSD2), including Strong Customer Authentication (SCA) requirements, is a European regulation to make payments more secure.  It is key that merchants are prepared well in advance of the deadline as it can take some time to re-shape payment strategies for regulatory compliance. Failure to comply with the regulations may result in declined transactions and lost business.

EU Commission and the EBA communicated and confirmed that they will not provide additional time beyond 31 December 2020 for SCA implementation and that it will be fully introduced on 1 January 2021 as previously agreed. However UK compliance deadline is Sept 2021.

Companies in the European Economic Area (EEA) should be preparing to comply with the second Payment Services Directive’s SCA requirements. If your company is one of the many that is unprepared, you should be exploring partnerships with companies that offer Strong Customer Authentication solutions.

The EEA PSD2 merchant compliance requirements target online card-non-present fraud by requiring two-factor verification of a customer’s account ownership to complete significant and potentially risky transactions. Valid authentication must confirm two of these three criteria:

  • Something the accountholder possesses, such as a mobile phone
  • Something s/he knows, such as a password, and
  • Something s/he “is,” such as a fingerprint

Out-of-scope transactions, such as those initiated by the merchant rather than the consumer and those in which at least one party is located outside the EEA are not requested to comply with PSD2 SCA compliance regulations. Merchants can also request exemptions from card issuers and acquiring banks based on risk analysis and fraud performance.

As a leader in digital identity protection and fraud prevention, Accertify has developed a sophisticated strong customer authentication solution, SCA Optimisation to help online sellers implement SCA with minimal disruption to users’ online shopping experience.

Accertify’s SCA Optimisation is a solution that simplifies fraud management and authentication and enables compliance with industry and government regulations. Accertify’s PSD2 SCA compliance solution includes real-time reporting and machine learning capabilities that respond to and eliminate evolving fraud to help ensure your business is sufficiently protected. Accertify’s SCA Optimisation provides fraud protection, SCA compliance and effective authentication management with no need for additional fraud prevention solutions.

With Accertify’s strong customer authentication solutions in your corner, you benefit in a variety of ways, such as:


Appropriate use of SCA exemptions optimises making online transactions as friction-free as possible. Accertify helps merchants to identify and facilitate requesting exemptions. Merchants may request – though acquirers and issuers may or may not grant – that a transaction be exempted from PSD2 SCA compliance requirements for several reasons:

  • Low value
  • Recurring transactions of the same amount and same payee (such as a payment for a monthly subscription)
  • Secured corporate payment transactions that are under the threshold of the issuers or acquirers fraud level and low risk transaction exemption (or Transaction Risk Assessment -TRA)

Accertify’s Strong Customer Authentication solutions maximize your SCA exemptions by analyzing incoming payments for exemption potential using our advanced machine learning technology to predict the likelihood the exemption will be granted by the card issuer and/or acquiring bank. Shepherding reliably safe transactions away from the SCA protocol has the added benefit of limiting the number of instances your payment service provider and banks are asked to check.

Transaction Risk Analysis

It is important that transactions that are not granted exemptions be processed through PSD2 strong customer authentication rules. Sharing customer, device, location, and other information in the background and in real-time mitigates the perceptible effects of this additional layer of security. Accertify’s decision engine coordinates data flow between banks and merchants so decisions can be made with more complete information.

Fraud Screening

Accertify’s Strong Customer Authentication solution, SCA Optimisation can detect and prevent account fraud as well as authenticate legitimate account activities. All transactions are checked with a six-step verification process that uses hundreds of data points and the powerful machine learning. Accertify’s Strong Customer Authentication solution SCA Optimisation will assist merchants to comply with PSD2 guideline and compliance . 

This process includes:

  • User behaviour Detects evidence of credential stuffing or brute force attacks — automated use of stolen username/password pairs to gain access to user accounts, browsing and buying, and activities or processes that diverge from known legitimate user patterns.
  • Device information Use of a device not previously associated with the account.
  • Evidence of malware Identifying virtual machines, proxies, or infected computers to steal legitimate users’ online identities.
  • Previous scenarios Actions that resemble previous attempts to defraud users and merchants.
  • Payor’s & Payee’s location – Determining whether the purported payor and payee locations are out-of-pattern.

Request a complimentary consultation to learn how Accertify’s Strong Customer Authentication solution can help your company comply with the new PSD2 merchant compliance requirements.