Strong Customer Authentication

Strong Customer Authentication (SCA) is a mandatory requirement of the European Union aimed at increasing payment security. It requires users to confirm online payments using at least two of the following three independent authentication factors:
- Something the user knows → password, PIN code.
- Something the user has → phone, bank card, token.
- Something the user is → biometrics (fingerprint, Face ID, voice).
This means that simply entering a password or an SMS code is not considered sufficient authentication unless it is accompanied by a second factor.

3D Secure as part of SCA

3D Secure (3DS) is a technology designed to protect online payments. It allows banks to request additional customer authentication when paying with a card online.
With 3DS, a bank may require two authentication factors, for example:
- SMS code + online banking password.
- Push notification in the banking app + biometrics.
- Face ID / Touch ID through the banking app.

How Apple Pay complies with SCA

Apple Pay automatically complies with SCA requirements because it uses:
- Biometrics (Face ID, Touch ID) → the “something you are” factor;
- Device (iPhone, Apple Watch) → the “something you have” factor.
When paying with Apple Pay, authentication occurs at the device level, so additional confirmation via 3DS is usually not required.
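
The two-of-three rule, applied to the 3DS and Apple Pay combinations listed above, as an added example that is not part of the original page. The method labels and the mapping are hypothetical, and treating an SMS code or push approval as evidence of holding the phone is an assumption.

```python
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "something the user knows"
    POSSESSION = "something the user has"
    INHERENCE = "something the user is"


# Hypothetical method labels mapped to the page's three categories.
# Assumption: an SMS code or push approval counts as evidence of holding the phone.
METHOD_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "sms_code": Factor.POSSESSION,
    "push_approval": Factor.POSSESSION,
    "bank_card": Factor.POSSESSION,
    "device": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "face_id": Factor.INHERENCE,
    "voice": Factor.INHERENCE,
}


def evaluate_sca(methods):
    """Return (satisfied, factor_names, unknown) for a list of method labels.

    Methods in the same category collapse into one factor, and labels missing
    from the mapping add nothing, so an unrecognised method can never
    complete the requirement.
    """
    unknown = sorted({m for m in methods if m not in METHOD_FACTOR})
    factors = {METHOD_FACTOR[m] for m in methods if m in METHOD_FACTOR}
    names = sorted(f.name for f in factors)
    return len(factors) >= 2, names, unknown


# Constructed sample attempts, not real transaction data.
SAMPLES = {
    "password only": ["password"],
    "password + PIN": ["password", "pin"],
    "SMS code + password": ["sms_code", "password"],
    "push + biometrics": ["push_approval", "fingerprint"],
    "Apple Pay": ["face_id", "device"],
    "password + unmapped": ["password", "security_question"],
}

if __name__ == "__main__":
    for label, methods in SAMPLES.items():
        ok, names, unknown = evaluate_sca(methods)
        print(f"{label:22} satisfied={ok} factors={names} unknown={unknown}")
```

Password plus PIN fails because both are knowledge elements, which is the case a simple count of submitted credentials would miss.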