Skip to main content

Strong Customer Authentication (SCA)

Learn about multi-factor authentication for online payments

Anni avatar
Written by Anni
Updated this week

✨ Please note: Payments are available on the Lite plan or above.

Strong Customer Authentication (SCA) adds extra security for online payments using multi-factor authentication. Bookwhen has already implemented the necessary steps, so no changes are required on your account.

This article explains what SCA is, how it affects your customers’ payment process, and how Bookwhen ensures compliance.


Understanding SCA for Online Payments

If you accept online payments through Stripe, PayPal, or WorldPay, it’s important to understand Strong Customer Authentication (SCA) and how it affects your customer’s payment process.

SCA boosts payment security and reduces fraud risk. Since September 14, 2019, the European Economic Area (EEA), including the UK, has made it a requirement under the second Payment Services Directive (PSD2) for online payments.

💡 Please note: Worldpay is no longer available to new customers.


Multi-Factor Identification

SCA requires online payments to involve multi-factor authentication. This means users can proceed only after providing two or more pieces of evidence confirming their identity.

This must be 2 of the following:

  1. Something your customer knows (e.g. a PIN)

  2. Something your customer has (e.g. a phone)

  3. Something your customer is (e.g. a fingerprint)

Your customer might need to take an extra step to fulfil the mentioned conditions. This could involve entering a PIN they've set before, receiving a code via SMS on their phone, or another similar action.


Exemptions

Your payment provider might permit an online payment without SCA for two reasons:

  1. The transaction is deemed 'low risk,' meaning the card provider's overall fraud rate is below an acceptable threshold.

  2. The payment amount is small, less than €30 (about £25). However, this exemption can only be used five times before the customer needs to renew with another multi-factor authentication.


How this affects payments for your customers

Most transactions won’t require additional information or security checks. For most customers, the payment process will remain the same, with extra details only requested on rare occasions.

However, some customers may face additional SCA requirements and will need to provide the necessary details. If extra information is needed, a transaction may fail or be blocked.

This can happen for a few reasons:

  • A customer enters incorrect information, such as an incorrect postcode/zipcode for their card.

  • A customer doesn't pass their bank's 3D Secure check, for example, by entering the wrong passcode on the bank’s security form.

Customers should have the option to correct any mistakes and re-enter their details without being blocked from completing their payment.


💬 Need extra help?

  • For the quickest response, contact us via live chat on our homepage or your account. Buddy, our trusty chatbot, will assist first and pass you to a support team member if needed.

  • Prefer email? Send us an email instead.

Thank you! 🕺

Did this answer your question?