Customer authentication for online card payments
Strong customer authentication (SCA) measures for online card transactions entered into force on 14 September 2019 under the European Commission’s Delegated Regulation on SCA.
All payment service providers (banks, payment institutions, and electronic money institutions) are required to have in place a procedure for verifying customers’ identity when they use payment services or for verifying their authorisation to use a specific means of payment.
Strong customer authentication (verification) means authentication of payment services users based on the use of two or more elements categorised as:
- knowledge – something only the user knows (e.g. passwords, PIN numbers, control questions);
- possession – something only the user possesses (e.g. mobile application, web browsers, tokens, dynamic security codes);
- inherence – something the user is (e.g. biometric data, fingerprints).
At the European Union level, the European Banking Authority (EBA) is leading discussions aimed at coordinating Member States’ approaches to online card payments and at ensuring the smooth operation of such payments.
From 14 September 2019 customers may be offered additional security elements when making online card payments (e.g. an SMS message) in order to increase the security of the transactions.
National Bank of Slovakia
Imricha Karvasa 1, 813 25 Bratislava, Slovak Republic
Tel.: +421-2-5787 2142, +421-2-5865 2142, +421-2-5787 2169, +421-2-5865 2169
Reproduction is permitted provided that the source is acknowledged.