Customer authentication for online card payments
Strong customer authentication (SCA) measures for online card transactions entered into force on 14 September 2019 under the European Commission’s Delegated Regulation on SCA.
All payment service providers (banks, payment institutions, and electronic money institutions) are required to have in place a procedure for verifying customers’ identity when they use payment services or for verifying their authorisation to use a specific means of payment.
Strong customer authentication (verification) means authentication of payment services users based on the use of two or more elements categorised as:
- knowledge – something only the user knows (e.g. passwords, PIN numbers, control questions);
- possession – something only the user possesses (e.g. mobile application, web browsers, tokens, dynamic security codes);
- inherence – something the user is (e.g. biometric data, fingerprints).
At the European Union level, the European Banking Authority (EBA) is leading discussions aimed at coordinating Member States’ approaches to online card payments and at ensuring the smooth operation of such payments.
From 14 September 2019 customers may be offered additional security elements when making online card payments (e.g. an SMS message) in order to increase the security of the transactions.
NBS information and advice on online card payments
EBA information on card payments (in English only)
NBS information on strong customer authentication (in Slovak only)
National Bank of Slovakia
Communications Section
Imricha Karvasa 1, 813 25 Bratislava, Slovak Republic
Tel.: +421-2-5787 2142, +421-2-5865 2142, +421-2-5787 2169, +421-2-5865 2169
Internet: http://www.nbs.sk
Reproduction is permitted provided that the source is acknowledged.