Strong Customer Authentication and phone payments: FAQs


The EU Payment Services Directive (PSD2) requires merchants and payment providers to ensure that, when a cardholder is not present, their identity is verified using two-factor authentication (2FA). Below are answers to common questions about Strong Customer Authentication (SCA) and its implications for phone payments.


What Is Strong Customer Authentication?

The EU Payment Services Directive (PSD2) aims to make electronic payments secure, efficient, and fraud-resistant across Europe. A core requirement of PSD2 is Strong Customer Authentication (SCA), which mandates that cardholders verify their identity at the point of payment using at least two of the following three elements:

  1. Knowledge — Something the customer knows (e.g., a password or PIN).
  2. Possession — Something the customer owns (e.g., a card, phone, or hardware token).
  3. Inherence — Something the customer is (e.g., fingerprint or facial recognition).

This process is often referred to as two-factor authentication (2FA) or multi-factor authentication (MFA). For online payments, 3D Secure is an example of 2FA that satisfies SCA requirements.


What Is 3D Secure?

3D Secure (3DS) is a protocol used to authenticate online payments securely. Adopted by major card networks, it provides an extra layer of protection by enabling cardholders to verify their identity.

Key benefits of 3D Secure:

  • Prevents unauthorized transactions.
  • Reduces payment fraud and chargebacks.
  • Ensures compliance with PSD2’s SCA requirements for online transactions.

Is Strong Customer Authentication Required for Phone Payments?

No, phone-based transactions—also referred to as MOTO (Mail Order, Telephone Order) payments—are exempt from SCA requirements under PSD2.

Other scenarios where SCA is not mandatory include:

  1. Merchant-Initiated Transactions (MITs): Pre-agreed transactions initiated by the merchant after prior authentication by the cardholder.
  2. One-leg-out Transactions: When either the issuer or acquirer is located outside the European Economic Area (EEA) or UK.
  3. Anonymous Transactions: Payments made using anonymous methods like gift cards.

Important: To ensure compliance, phone payments must be flagged as "MOTO" by your payment service provider (PSP). Paytia automatically handles this for you. If you have concerns, contact Paytia support or your PSP.


What Security Protections Exist for Phone Payments?

Paytia enhances the security of phone payments, protecting both merchants and customers from fraud and data breaches.

How Paytia protects your transactions:

  1. Prevents sensitive data access:

    • Paytia’s system ensures that cardholder data does not reach your staff or internal systems.
    • This protects customers from fraud and identity theft, and shields your business from fines, reputational damage, or rogue employee actions.
  2. Additional security measures:

    • Customer address verification: Matches cardholder details with their registered billing address.
    • Real-time payment fraud analysis: Leverages machine learning to detect and block potential fraud based on data from millions of global transactions.

Can Merchants Choose to Invoke SCA on Phone Payments?

Yes. Merchants can choose to apply SCA for phone payments using Paytia’s Payment Links solution.

How it works:

  • A payment link is sent to your customer via email or text message.
  • The link triggers 3D Secure authentication managed by the cardholder’s bank, ensuring compliance with SCA requirements.

By using Payment Links, you can combine the convenience of phone payments with the added security of 3D Secure authentication.


Conclusion:

Paytia provides secure solutions that help merchants comply with PSD2 while protecting their business and customers from fraud. Whether or not you choose to apply SCA, Paytia ensures that your phone payments are handled securely and seamlessly.

For further assistance, contact the Paytia support team.