Skip to main content
All CollectionsLegal and SecurityCompliance
Understanding PSD2 and Strong Customer Authentication (SCA)
Understanding PSD2 and Strong Customer Authentication (SCA)
Updated over a week ago

The Payment Services Directive 2 (PSD2) is a European regulation designed to enhance the security of electronic payments and better protect consumers. This directive was introduced in 2019.

What Is Strong Customer Authentication (SCA)?

SCA, as required by PSD2, strengthens security by mandating a verification process for accessing accounts and making payment transactions. This process requires at least two of the following three authentication factors:

  1. Something you know: A password, PIN, or another code known only to the user.

  2. Something you have: A device such as a mobile phone, smart card, or token that is uniquely possessed by the user.

  3. Something you are: A biometric characteristic like a fingerprint, facial recognition, or voice.

How Does Spendesk Implement SCA?

At Spendesk, we comply with PSD2 and SCA requirements through:

  • Account Access: Secure login methods including password protection, Google Authenticator, Microsoft Authenticator, and SAML SSO.

  • Online Payments: Use of the 3-D Secure (3DS) protocol to verify payments made on websites that support 3DS.

Specific Guidelines for Recurring Cards

For recurring payments made with Spendesk cards, our banking partner has set additional security measures. Any recurring transaction exceeding €500 will require 3DS verification, even if the merchant has requested an exemption for recurring payments. If the user does not confirm via 3DS, the payment will be declined.

FAQ

1. What happens if I forget my password or lose access to my authentication device? Please contact support@spendesk.com for assistance. Ensure you have backup recovery methods set up for authentication apps like Google Authenticator or Microsoft Authenticator.

2. Why do some merchants request exemptions for 3DS? Merchants may request exemptions for low-risk or recurring transactions. However, thresholds and security protocols set by our banking partner may override these exemptions for your protection.

3. How can I update my authentication methods? You can manage your authentication settings in the Settings tab of your Spendesk account. If you need additional help, contact support@spendesk.com.

4. Does this affect all payment methods? SCA primarily applies to card-based payments and account access. Other payment methods may have different security protocols.

For any additional questions, feel free to reach out to our team at support@spendesk.com. We’re here to help!

Related Articles
Log in with Google authentication, SAML SSO or Microsoft Connect
Set up 3DS
Legal framework : secure your access to Spendesk
Strong customer authentication (SCA) on mobile
3DS common issues
Did this answer your question?