Strong Customer Authentication (SCA) is a regulatory mandate established under the Payment Services Directive 2 (PSD2) in Europe and the UK, it aims to bolster payment security through the enforcement of multi-factor authentication to verify a customer's identity. This regulation obliges travel companies (and merchants) to adopt supplementary security measures, which may include a mix of passwords, biometric data, or device-based authentication, to safeguard transactions against fraudulent activities. SCA enhances the overall security of payment processes and guarantees adherence to European payment regulations.
There are a few exceptions to SCA and some transactions that fall outside its scope, which let payment service providers skip the SCA rules for specific transactions. This can depend on factors like the risk level, the amount involved, or the payment method used. On the other hand, out-of-scope transactions are those that don't fall under the SCA requirements set by the Payment Services Directive 2 (PSD2).
Some of the more common exemptions from Strong Customer Authentication (SCA) are as follows,
The typical transactions that fall outside the scope include,
Full guidance on exemptions can be found here (ukfinance.org.uk)
In the travel sector, financial transactions frequently involve substantial sums, international dealings, and a complicated network of airlines, hotels, and various service providers. This complexity necessitates robust security measures, with Strong Customer Authentication (SCA) being crucial in mitigating the risks associated with travel payments. The regulation enhances the security framework by mandating multi-factor authentication, which ensures that payments are only processed after confirming the customer's identity through at least two of the following three elements: something the customer knows (such as a password), something the customer possesses (like a mobile device), and something the customer is (including biometric identifiers like fingerprints or facial recognition).
Travel transactions frequently take place online, which heightens the risk of fraud, particularly through compromised card details or identity theft. By adopting Strong Customer Authentication (SCA), travel companies can significantly lower fraud incidents by introducing an additional security measure during online reservations and payments. Moreover, SCA compliance goes beyond safeguarding the business against financial losses from fraud; it also plays a crucial role in building customer trust and fulfilling regulatory requirements for seamless operations in Europe and the UK.
The travel sector encounters distinct challenges stemming from the diverse payment methods available, such as websites, mobile applications, call centers, and face-to-face bookings at airports or travel agencies. It is essential to implement Strong Customer Authentication (SCA) across these various channels without hindering the customer experience. For example, travel companies need to keep the booking process swift and seamless, especially for customers making last-minute flight or accommodation purchases. To meet these demands, many travel companies utilise exemptions like low-value transactions or trusted beneficiaries, which help minimise friction for reliable customers while ensuring security for higher-risk transactions.
The wide range of payment types in travel—from single bookings to recurring payments for subscription-based services like loyalty programs—means that SCA needs to be applied flexibly. Travel companies must determine where exemptions can be applied (e.g., recurring payments) and where the full SCA process is needed, such as high-value bookings or first-time customer transactions.
SCA is essential in safeguarding the integrity of travel payments, offering protection against fraud while ensuring that travel companies remain compliant with European and UK payment regulations. At the same time, travel businesses must strategically implement these measures to avoid adding friction to the customer experience, especially in an industry where convenience and speed are paramount.
Implementing Strong Customer Authentication (SCA) in the travel sector presents numerous challenges, especially given the variety and intricacy of payment methods and customer engagements. Travel firms need to modify their current systems and payment workflows to meet SCA requirements while ensuring that transaction speed and convenience remain intact. This is vital in a dynamic industry where customers demand smooth experiences. Smaller enterprises may find this particularly challenging, as they often do not have the necessary resources or technical capabilities to quickly roll out multi-factor authentication across all platforms.
Felloh supports travel companies in complying with Strong Customer Authentication (SCA) requirements by integrating secure, multi-factor authentication methods into its payment processes. This ensures that businesses meet the regulatory standards set by PSD2, reducing fraud risks while maintaining a smooth customer experience. With Felloh, travel businesses can implement SCA without introducing unnecessary friction into the booking process, ensuring that transactions are both secure and seamless for their customers.