(Pocket-lint) – From Monday, online retailers operating in the EU and UK must offer Strong Customer Authentication (SCA) at checkout.
That’s because, as of 14 March 2022, it will be mandatory for all online shopping purchases to be protected by additional security measures. This will ensure a shopper is who they say they are and, hopefully, reduce fraud.
Any retailer who does not operate SCA technologies at checkout may have payments declined.
So how does it affect you and what should you expect? We explain all here.
What is Strong Customer Authentication?
Thanks to an EU directive that’s also employed by the UK post-Brexit, online retailers who want to sell products in the European Economic Area, Great Britain and Northern Ireland must employ SCA. It is effectively employed a two-factor authentication system at checkout to add an extra layer of protection for purchases.
It requires banks to make additional checks on shopper identity and needs the retailers to support new authentication systems.
Rather than just a password, which has been the stock method of authentication for online shopping for many years, banks will require two forms of identification at checkout. This could be the original password, a device only the shopper has access to (such as a mobile phone), and / or a biometric identifier (fingerprint, for example).
Many online retailers already use SCA. You may have ecountered it on a website or in a mobile app. However, it has not been mandatory to date.
When will Strong Customer Authentication be required?
Originally, SCA was to become mandatory by 14 September 2021 but the FCA granted the industry an extension on the deadline to 14 March 2022.
Retailers who do not support Strong Customer Authentication checks after then may find banks declining payments, which means the shopper will also be declined.
Does SCA apply to contactless payments?
SCA does apply to contactless payments too, which is why customers may sometimes be requested to enter a PIN after tapping their contactless card. Contactless payments made by a phone will generally also have used a PIN or biometric system to unlock the handset first, thereby complying with the new guidelines.
Writing by Rik Henderson. Editing by Chris Hall.