SCA
Strong Customer Authentication.
Why it matters
SCA matters because it changes fraud prevention, checkout friction, regulatory compliance, payment exemptions, issuer decisioning, and the user experience of account access.
How it works
Operationally, a payment or account-access request is assessed for authentication need, the customer is challenged or passed through a lower-friction path, and the result becomes part of the risk and approval decision.
Risks and pitfalls
The common pitfall is to treat SCA as always required and always identical. Exemptions, transaction risk analysis, channel design, issuer behavior, and local regulation can change the authentication path.
Regional notes
In BIST/MOEX/global contexts, SCA language should be linked to the local legal payment-service perimeter, the available authentication rails, and whether the flow is card payment, open banking, or account access.
Related terms
Compare with
ISO 20022Build from
PSD2Primary sources
European Banking Authority
2026-03-15European Banking Authority: Strong Customer Authentication
Primary source for SCA and PSD2 compliance context.
EMVCo
2026-03-15EMVCo: EMV 3-D Secure
Primary source for 3DS protocol terminology.
Open Banking UK
2026-03-15Open Banking UK: API standards
Primary source for open banking permissions and recurring payment rails.
Reviewed
5/4/2026
Common questions
What does SCA mean?
Strong Customer Authentication.
Why does SCA matter in fintech?
SCA matters because it changes fraud prevention, checkout friction, regulatory compliance, payment exemptions, issuer decisioning, and the user experience of account access.
What risks should teams watch with SCA?
The common pitfall is to treat SCA as always required and always identical. Exemptions, transaction risk analysis, channel design, issuer behavior, and local regulation can change the authentication path.