Strong Customer Authentication (SCA) requirements officially will go into effect on 14 March 2022 in the UK.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is a European regulatory requirement to reduce fraud and make online and contactless offline payments more secure. SCA requires at least two of the following three elements to authenticate online purchases:

• Something the customer KNOWS (e.g., password or PIN)

• Something the customer HAS (e.g., phone or hardware token)

• Something the customer IS (e.g., fingerprint or face recognition)

To facilitate this, Stripe will enable 3D Secure (3DS) for your issued cards. The additional 3D Secure step at checkout typically involves showing the cardholder an authentication page on their bank’s website, where they’re prompted to enter a verification code which has been sent to their phone or email.

What this means for you

Enabling 3DS on your issued cards is intended to protect you by reducing the number of fraudulent payments.

Stripe will reject purchases that have not been properly authenticated using 3DS, while merchants and acquirers may choose to apply exemptions on low-risk payments. When a payment is authenticated with 3DS and there is a dispute, there are differences in who is liable for fraud. To learn more about the liability shift and how to manage disputes with 3DS, please view our documentation or refer to the table below.

Who is liable for fraud