
Strong Customer Authentication (SCA)

Glossary Updated 5 Jul 2026

Strong Customer Authentication, or SCA, is the European regulatory requirement, introduced under the PSD2 directive, that electronic payments be authenticated with at least two independent factors: something the customer knows, has or is. It applies to most customer-initiated card payments where both issuer and acquirer are in the European Economic Area or the UK.

Why it matters

SCA moved European checkout from optional friction to mandated friction, and the game for merchants became exemption management: low-value exemptions, transaction risk analysis, trusted beneficiary listings, and the merchant-initiated transaction framework that keeps recurring subscription charges out of scope after a properly authenticated first payment. High-risk merchants have less access to friendly exemptions because their acquirers’ fraud rates set the exemption ceiling. Getting subscription billing correctly flagged as merchant-initiated is the single most valuable SCA detail for continuity businesses.
