TrustPay announces new partnership with MuchBetter

Computer users and programmers have become so accustomed to using Windows…

TrustPay announces new partnership with MuchBetter

Computer users and programmers have become so accustomed to using Windows…

TrustPay announces new partnership with MuchBetter

Computer users and programmers have become so accustomed to using Windows…

17. June 2020

Strong Customer Authentication (SCA) explained

author: TrustPay
Follow us:

Strong Customer Authentication (SCA) is a mandate introduced by the Payment Services Directive (PSD2) enacted by the European Commission, which requires electronic payments initiated by the buyer to be authenticated by at least two of the following three factors.

  • Something the cardholder knows (e.g., a password or PIN)
  • Something the cardholder has (e.g., a token, a mobile phone)
  • Something the cardholder is (e.g., a fingerprint or voice match)

1. To whom does SCA apply?

SCA applies to electronic transactions that occur within the European Economic Area (EEA). When you accept cards issued in the EEA, the SCA check must be performed to all in-scope transactions unless exempted by the legislation.

2. Transactions out of scope for SCA

The SCA check is not required for the following transactions:

  • Anonymous payment instrument transactions – Transactions where anonymous payment instrument is used, for example, anonymous prepaid cards.
  • Mail Order/Telephone Order (MOTO) Transactions – Payments transacted over the phone or e-mail.
  • One-leg transaction – Transactions where only one of the payment service providers is located inside the EEA. Since TrustPay is located within EEA, the one leg transactions are the transactions submitted with a card issued outside EEA. PSD2 expects that SCA should be applied for the one-leg transactions on a best effort basis.
  • Merchant Initiated transactions (MIT) – transaction initiated by the merchant, for example, credit fund transfers or repeatable (recurring) transactions, direct debits.

3. E-commerce transactions exempted from SCA

Transaction category Description Applied by
Low-value transactions Electronic payments under €30—and:

  • The cumulative amount of previous electronic payment transactions since the last application of SCA does not exceed €100; or
  • The number of previous electronic payments since the last application of SCA does not exceed five consecutive individual transactions.
Trusted beneficiaries Payers can assign merchants to a whitelist of trusted beneficiaries which is maintained by their bank. Whitelisted merchants are exempt from SCA. Issuer
Secure corporate payments Electronic payments made through dedicated corporate processes initiated by businesses, for example, secure corporate cards. Issuer
Low-risk transactions TrustPay is allowed to request an exemption based on the risk analysis when its fraud rates do not exceed the specified thresholds. TrustPay

4. How is SCA applied to e-commerce transactions?

The Strong Customer Authentication requires that two independent factors need to be initiated (what cardholder knows, has, or is). The security protocol EMV 3-D Secure has been introduced as a tool fulfilling the SCA mandate.

5. What is EMV 3-D Secure?

3-D Secure (3DS) is a customer authentication security protocol, designed to reduce fraud rates and provide security to card-not-present transactions. 3DS1 is already widely used by TrustPay today.

With the event of the SCA mandate, the new version of 3DS protocol was introduced EMV 3-D Secure (3DS 2.1.), and its systems are ready to support 3DS 2.1 as well. At present, TrustPay is preparing their systems to be ready for 3DS 2.2. as well and we will inform you when will be available.

6. How to apply for exemption from SCA?

An issuer will decide whether the SCA is required for exempted transactions or not. In case of exemptions applicable for TrustPay (please, refer to point 3), a merchant can apply for the exemption through the specific exemption flag submitted in the authorization request. How to submit an exemption flag, there will be a separate communication distributed to you.

7. What to do in case of out of scope transactions?

The merchants do not need to take any action in relation to the out of scope transactions. These transactions will be submitted automatically without a need for the SCA check.


The impact of COVID-19 on merchants and their Strong Customer Authentication (SCA) preparations has been significant, and the payments industry called for additional time to allow merchants to focus their efforts on SCA again. As a result, the official request for six months long delay was submitted by a couple of payment industry representatives to the European Commission.

We would like to bring to your attention that the European Commission has recently announced that the merchants and payment service providers will be granted no further time to prepare for and comply with the SCA mandate.

Therefore, we would like to assure you that the current deadlines are valid as they were communicated to you before. We encourage you to dedicate enough time and effort to the SCA migration to meet given deadlines. You are required to update your TrustPay gateway integration using the new version of 3-D Secure by October 1st, 2020.

Please refer to the previous TrustPay communications or contact us via the e-mail address and our colleagues will be happy to advise you.

you might be interested

Brace for impact, SCA is about to hit – are you ready?
As we enter the final part of the year, peak shopping season, pandemic-driven e-commerce acceleration and the annual change freeze period will collide. But this year the introduction of Strong Customer Authentication (SCA) will also enter the mix – and for some merchants, it may feel like the end of 2020 will be even more daunting and difficult than the early part of the year.
author: TrustPay
Payments in a pandemic: Why you need to health-check your processes
The COVID-19 pandemic has pushed both consumers and businesses to rely on online channels, driving a surge in e-commerce volumes far beyond the increases that were predicted for this year.
author: TrustPay