Powering Payments.  Powering Commerce

Understanding PSD2 SCA:
Key Facts and 3DS

As a merchant, you may have been inundated in the past few months by an information overload around the new PSD2 SCA regulations, which come into play on September 14th. The information surrounding the new legislation can be confusing to even the most experienced e-commerce operators, so this simple guide will take you through:

• What is PSD2 SCA?
• What is 3-D Secure?
• What is our current position and solution?
• What do our merchants need to do?
• What additional support do we offer?


PSD2, the second Payment Services Directive, was established to benefit consumers by driving payment innovation and data security. It involves new security processes and standardises payment security technology to enhance transaction safety across the board.

SCA stands for Strong Customer Authentication and is a major component of PSD2 for digital transactions. The goal of SCA is to reduce fraud by requiring merchants and issuers to validate consumers when they use electronic payment methods. This is applicable for merchants in the European Economic Area (EEA).

IMPORTANT: PSD2 SCA goes into effect on September 14th, 2019.


PSD2 SCA can be fulfilled by using EMV® 3-D Secure (formerly known as 3DS 2.0) to authenticate Card-Not-Present transactions. 3DS is a set of protocols that work behind-the scenes on any device, by requiring two-factor authentication. Simply put, it authenticates transactions and makes better risk decisions.

Benefits to merchants include:

  • Reduction in fraud
  • Reduction in false declines
  • Increase in good orders
  • Limiting friction for customers during checkout



The SCA requirement means that the electronic payment service must be secure, guarantee that the buyer is authenticated safely, and that the risk of fraud is reduced. 3DS does this by supporting the requirements of SCA:

  • Something only the customer has, e.g. a mobile device
  • Something only the customer knows, e.g. a password
  • Something only the customer is, e.g. a fingerprint

Any two of the three will fulfil the SCA requirement, and allow the buyer to complete the transaction or access their banking platform.  


We have a partnership with CardinalCommerce for 3DS, providing clients and partners with an authentication solution to help them comply with PSD2’s SCA requirement.

CardinalCommerce is a global leader in the authentication of Card-Not-Present transactions. For over two decades, Cardinal has been bringing merchants, issuers, and shoppers together in an experience where everybody wins. Cardinal’s expertise in technology and payment authentication brings added security to digital transactions, while reducing fraud and supporting digital commerce.

The 3DS solution is embedded within our Hosted Payment Page, and in many cases there is no additional work required for clients using this solution. If, however, you use a different method of integration, for example if you use Web Services API, there will be some small and simple changes that you will need to make. For help and guidance on what you may need to do, please get in touch with your account manager.



Our team of payments expert’s are here to provide support and guidance on these regulatory requirements and how our solutions will be impacted.

For further information please reach out to your account manager or alternatively contact our support team.