Last updated: 19 December 2019
Strong Customer Authentication (SCA) requirements officially went into effect on 14 September 2019.
To date, few European banks have started enforcing these requirements and declining non-authenticated payments. This is due to a temporary enforcement delay announced by the European Banking Authority on 21 June 2019. On 16 October 2019, the European Banking Authority further announced that the new SCA requirements should be fully enforced by 31 December 2020.
The majority of European regulators will follow this new timeline with two exceptions:
UK - The UK regulator has confirmed its decision to maintain its previously announced 18-month enforcement delay requiring additional authentication for online payments beginning March 2021.
France - France has formally aligned with the 15-month duration set out in the EBA Opinion, but maintains an extra 3-month grace period on a case-by-case basis.
Given the uncertainty around the enforcement timeline and ramp, we recommend preparing your payment flows to be SCA ready as soon as possible. This will help prevent an increase in declines as enforcement of these requirements ramps across European banks.
Our new payments APIs and other SCA-ready solutions are designed to take this uncertainty into account. If you are using our SCA-ready solutions, we will only apply authentication and exemptions when they are required by the cardholder's bank—adjusting to each country’s enforcement timeline to minimise friction.
We are closely tracking any change in banks’ behaviour as well as the ongoing regulatory discussions, and we will continue to update this page with the latest information.