Strong Customer Authentication (SCA): What a shop needs to know

With contactless payments and online purchasing becoming a prevailing method of payment on the high street and the web, keeping up with anti-fraud measures such as SCA is vital for independent shops of all sizes... 

A customer’s card being declined is not scenario any retailer looks forward to, and with numerous payment cards now subject to anti-fraud security measures, it is a scenario that has become a little more common over recent years.

Although sometimes inconvenient, measures such as Strong Customer Authentication (SCA) are vital to preventing high street and online fraud, with retailers tasked with making sure their payment systems are secure and up to date since its introduction in March 2022.

SCA requires customers to confirm their identity more rigorously when making electronic payments, and while it has made transactions safer it also creates challenges for independent retailers. Understanding how it works can help avoid lost sales and ensure a seamless experience for customers, as well as making sure high street retailers are on the ball when it comes to how their contactless payment terminals and e-commerce sites are implementing this and how to stay compliant.

Whether it’s knowing what steps to take to make sure your shop is compliant with existing SCA regulations, or if you haven’t come across these rules before, we’ve broken down the important information for independent shops and high street businesses here.

SCA – what is it and what does it require?

Strong Customer Authentication (SCA) is a set of security measures designed to make electronic payments safer. It was introduced as part of the EU’s Revised Payment Services Directive (PSD2) and has been in full effect in the UK since March 2022.

SCA requires businesses to verify a customer's identity using at least two out of three security factors:

• Something the customer knows (e.g., a password or PIN)
• Something the customer has (e.g., a mobile phone or card reader)
• Something the customer is (e.g., a fingerprint or facial recognition)

This means that customers paying online or using contactless cards may need to complete extra verification steps such as these. Banks and payment providers enforce these rules, so retailers must ensure their payment systems comply.

Does SCA apply to my shop?

SCA applies to many electronic transactions, including online card payments and some contactless purchases. However, there are exceptions:

• Contactless transactions under £30 (though multiple low-value transactions may still trigger authentication)
• Recurring payments, like subscriptions
• Payments made to a retailer the customer has previously approved as ‘trusted’

If your shop accepts contactless card payments or online transactions on an e-commerce website for example, SCA will affect your transactions.

How does SCA affect online sales?

For independent retailers selling online, SCA means customers will often need to verify their payments. Many banks now require two-factor authentication (2FA) before approving a transaction. This could mean entering a one-time passcode sent via text or using a banking app.

If your payment system is not SCA-compliant, transactions may be declined. To prevent this, ensure your payment provider supports authentication methods such as 3D Secure 2 (3DS2), which helps verify payments seamlessly.

How does SCA affect in-store payments? 

For brick-and-mortar shops, SCA primarily affects contactless payments, with purchases over £100 possibly requiring the customer to enter their PIN. While individual contactless transactions under £100 don’t usually require verification, banks may ask for a PIN if customers make several in a row. This means customers may occasionally need to enter their PIN, even for small purchases.

If your shop accepts contactless payments, be prepared to explain why customers sometimes need to use their PIN. This is not a fault with the card machine but a security requirement.

What should retailers do to comply with SCA?

It is the responsibility of banks and card processing companies to enforce SCA, with retailers accountable for ensuring their processes and equipment is compliant.

To ensure compliance and a smooth payment process, retailers should:

• Work with an SCA-compliant payment provider – Check that your payment gateway or card reader supports authentication.
• Enable 3D Secure 2 for online sales – This helps authenticate transactions while minimising disruption for customers.
• Educate staff and customers – Make sure your team understands why some transactions require extra steps and can reassure customers when needed.
• Monitor payment declines – If you notice an increase in failed payments, check with your provider to see if SCA is the cause.

Does SCA increase checkout friction?

SCA can introduce extra steps at checkout, but good implementation reduces friction. Many banks now offer biometric authentication (such as Face ID) or one-tap approvals via mobile apps, making the process quick. However, retailers should be aware that some customers may find authentication inconvenient, so clear communication is important.

Strong Customer Authentication is now a key part of the payment landscape. For independent retailers, adapting to these regulations is essential to avoid payment declines and maintain customer trust. By working with an SCA-compliant payment provider and staying informed, retailers can ensure a smooth and secure shopping experience for their customers.