SCA Security Guide: Essential Information for Online Card Payments

Quick overview
SCA (Strong Customer Authentication) is a two-factor authentication process required for online card payments in the EU, enhancing transaction security.

SCA, or Strong Customer Authentication, is a new security measure implemented to meet EU requirements for online transactions. This additional layer of security is designed to enhance the safety of your online purchases when using a payment card.

How does SCA work?

SCA is a two-factor authentication process that customers must complete to finalize their purchase when paying with a payment card. The two factors must be independent of each other and come from the following categories:

  1. Something you know: a password or PIN code
  2. Something you have: a key fob or a mobile phone
  3. Something you are: fingerprint or facial recognition

Authentication Methods

When making a payment with a card, you have two main options for authentication:

1. eIDs Authentication:

  • You'll be asked to enter your username and password.
  • You'll need to use your eIDs key app to approve your purchase.

Important:

After October 31, 2022, it will no longer be possible to use eIDs key fobs or code readers for online purchase authentication.

2. SMS Code Authentication:

  • Enter your phone number.
  • You'll receive a one-time code via SMS to approve your purchase.

Note:

Your phone number must be linked to your payment card. If it's not, you'll need to register it through your bank, which takes less than two minutes using eIDs.

The SCA Process

  1. Shop as usual: The shopping experience remains the same as before.
  2. Proceed to payment: Enter your details as usual. After clicking "pay," choose whether you want to authenticate your purchase through the eIDs app or SMS.
  3. Approve your purchase:
    • If you chose eIDs authentication, approve the purchase through the eIDs app.
    • If you chose SMS authentication, enter the one-time code you received.

Supported Authentication Methods

SCA supports various authentication methods across different countries, including:

  • BankID with biometrics (Norway)
  • BankID (Sweden)
  • BankID on mobile (Norway)
  • Buypass (Norway)
  • Finnish Bank ID
  • MitID (Denmark)
  • Mobiilivarmenne (Finland)
  • Mobile-ID
  • NemID (Denmark)
  • Nets ID Verifier

By implementing SCA, online shopping becomes more secure, protecting customers from unauthorized transactions while ensuring a smooth purchasing experience.

Frequently Asked Questions

What is the purpose of SCA?

SCA aims to enhance the security of online card payments by requiring two-factor authentication, reducing the risk of unauthorized transactions and fraud.

Do I need to set up SCA for my card?

SCA is implemented by your bank. Ensure your phone number is linked to your card for SMS authentication, or set up eIDs for app-based authentication.

Will SCA affect all my online purchases?

SCA is required for most online card payments in the EU. However, some low-risk transactions may be exempt, depending on the merchant and your bank's policies.

Articles in this category