New Financial Conduct Authority (FCA) requirement to implement Strong Customer Authentication (SCA) for Online Transactions

January 12, 2022

Compliance Concept: Arrow of A Compass Pointing Compliance Text

3D Secure and Voyager Online Links

3D Secure is a system that is designed to increase the security of transactions online. It has been around for a while, however the deadline from the Financial Conduct Authority (FCA) is looming on the 14th March 2022 and many banks are requiring this to be implemented before the deadline.

Why is there the need for this?

Since the beginning of online transactions payment fraud has been a growing issue, which shows little sign of slowing down. To prevent this, the European Commission required the implementation of Strong Customer Authentication (SCA). As the UK was part of the EU during the time this was passed, UK firms will still need to implement it.

What is Strong Customer Authentication?

SCA requires two or more independent factors in the authentication process. The 3 available factors are:

  1. Something your customer knows, for example: a PIN or Password
  2. Something your customer possesses, for example: a credit card or a smartphone
  3. Something your customer is, for example: using a fingerprint or facial recognition

An electronic payment needs to be authenticated by at least 2 of these, hence being known as Multi-Factor Authentication (MFA) or 2-Factor Authentication (2FA).

There are some exceptions to these rules though.

What does this mean when it is implemented?

As this security functionality has been around for some time, you may have already seen it in action. Basically, when a card holder tries to make a payment online, they will be directed to their bank’s 3D Secure page if the bank deems that the payment exceeds their threshold.

When SCA comes into force, the 3DS authentication will become the default method, although this authentication is expected to only result in 5% – 10% of transaction ending with the cardholder being redirected to the banks website to complete 2FA. This is due to the new 3D Secure V2.0 doing a lot of authentication behind the scenes.

Contactless card machines will also be subject to the new rules and a cardholder will need to do a chip and pin transaction if the cumulative contactless spend reaches £150 since their last chip and pin transaction.

What does this mean for Voyager Insurance?

Originally the FCA wanted firms to implement Strong Customer Authentication (SCA) for online and mobile banking by the 14th September 2021, however due to the COVID pandemic and issues over implementation the FCA extended this to the 14th March 2022.

We have taken the decision to implement 3D Secure across our online links early to ensure we comply with these regulations and because certain card issuers have implemented 3D Secure early, which can cause issues with certain online transactions.

Our online customer journey links will be upgraded to take advantage of this enhanced security automatically.