You have been reading continuously about PSD2 Strong Customer Authentication (SCA) for the better part of a year and finally as of
1 January 2021 — it is here.

Many merchants across Europe have already fully implemented 3D Secure 2 and SCA as they understand that these new measures protect them and their customers from fraud and are mandated by payments regulators, card schemes and issuers, and so are crucial for their business.

Although this is a directive mandated to all EEA/UK countries, certain countries have announced delays in the enforcement of SCA or have created a tiered approach to its implementation, which makes things seem more complicated. We collected all the information for you so you can follow up on all the changes and make the necessary decisions for your business. These dates and amounts are subject to change, so you may want to check this page for updates.

 

 

  
  January
 February
 March
 April
 May
 June
 July
August
September
France
5.1
SCA required  for all transactions over €1000
15.2
SCA required  for all transactions over €500
1.4
SCA required  for all transactions below €500 (progressively)
1.7
Full implementation required
Denmark & Sweden
11.1/14.1
Full implementation required
Germany  & Austria
15.1
SCA required  for all transactions over €250
15.2
SCA required  for all transactions over €150
15.3
Full implementation required
Belgium
18.1
SCA required  for all transactions over €1500
23.2
SCA required  for all transactions over €500
23.3
SCA required  for all transactions over €250
19.5
SCA required  for all transactions over €100
18.5
Full implementation required
Italy
1.7
SCA required  for all transactions over €500
1.3
SCA required  for all transactions over €100
1.4
Full implementation required
United Kingdom  
1.6
Gradual enforcement of SCA
14.9
Full implementation required

*Please note: Any country not listed above did not announce a delay and has the enforcement date of January 1, 2021.

It is important to note that these delays are set by regional regulators and do not guarantee that specific issuers within a country will not require SCA on all in-scope transactions earlier than the deadline set by the local regulator. Each issuer has their own policy, and these are also subject to change.

For example, UK issuers announced[1] that they will start randomly checking if ecommerce transactions are SCA compliant from 1 June 2021 and soft-declining them if not.

Another example is in France. According to local regulators, between April 1st and July 1st, the transaction amount when SCA is required will gradually lower from €500 downwards.

These examples represent a certain level of unknown that is symptomatic of this whole period of implementing PSD2 Strong Customer Authentication.

To protect your transactions from declines, we recommend that you be compliant with SCA for all in-scope transactions or have approved exemptions.

Credorax’s Smart 3D Secure solution ensures your 3D Secure employment is optimized for SCA and anti-fraud protection.

To learn more, read our recent guide for merchants on 3D Secure and PSD2.

contact us

[1] From https://www.ukfinance.org.uk