The Thredd team
November 25, 2024
We talk you through Strong Customer Authentication (SCA) and what you need to know for your business and customers.
The Thredd team
PSD2 is an acronym for Second Payment Services Directive. This is a set of EU regulations aimed at improving security for credit and debit card users. The legislation came out of the European Banking Authority and was adopted into UK law.
There are several parts to PSD2. One part is the requirement for financial institutions to implement Strong Customer Authentication (SCA) by the deadline.
What is SCA? A set of additional checks when someone uses a payment card to verify the identity of the person who is using the card. In some instances, the cardholder will be required to verify their identity in two different ways.
Monday 14 March 2022.
Offering SCA requires having a combination of two forms of customer authentication when a customer makes a payment on a card which has 3D Secure and has been issued in the EEA or UK.
The customer authentication could be any two of the three below for example:
When you purchase something over the phone, when you use a pre-paid card, or when it’s a low-value payment – the EU rules consider these to be amounts under €30/ £25 among other variables. It’s also worth noting that after a certain number of low payments the cardholder may need to complete additional checks.
Financial institutions need to ensure they have strong customer authentication (SCA). We have a solution - an additional service, called 3D Secure which enables Thredd customers to set up SCA with their cardholders. It’s an add- on service which is integrated into the Thredd platform which you can access via our API. Among other tasks, we check the value and the frequency of payments, and can identify whether SCA is required, or if the payment is exempt from SCA, in real-time.
Our Thredd Apex processes billions of transactions every year and is fully-certified by Visa and Mastercard – and we test every single transaction to see whether it meets SCA criteria, so you can feel reassured. We can undertake a high level of the transaction and status checking for you. Plus, when the regulations change, we update our systems to comply with the regulations.
Our highly-configurable platform and a full suite of APIs means customers like Starling bank and Curve can deliver real-time spending notifications to customers which is crucial to ensuring PSD2 is adhered to.
At Thredd we support our customers by staying up to date with the regulatory requirements of all the territories that we operate it, giving financial institutions peace of mind with all current regulations, including PSD2, giving financial institutions peace of mind that their solutions meet the required standards. Thredd are a trusted and proven partner, right at the heart of the fintech ecosystem.
Thredd’s security standards mean you don’t need to be concerned about security or durability. On top of our PCI DSS L1 accreditation, we are certified for ISO 27001 (which covers information security) and ISO 22301 (which covers business continuity) and we work towards the latest measures in compliance.
We have a solution that satisfies the rigours and expectations of tier 1 banks as we have passed the test to work with them. Royal Bank of Scotland for example, came to Thredd when looking to developing their digital proposition, Bo.
Modernising a tech stack is no longer the lengthy, technically detailed and costly task it once was. By working with specialist providers, such as Thredd in the issuer processing space, financial institutions can deepen their relationships with customers, deliver better services and set themselves up for future growth.
Spot an acronym or term you don’t recall? Head to our Thredd payments glossary.
Sign up to receive Industry news, events and insights delivered straight to your inbox.