Help uncover your inefficiencies, reduce fees, and improve your payment operations.
Get Started

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a regulatory mandate established under the Payment Services Directive 2 (PSD2) in Europe and the UK, it aims to bolster payment security through the enforcement of multi-factor authentication to verify a customer's identity. This regulation obliges travel companies (and merchants) to adopt supplementary security measures, which may include a mix of passwords, biometric data, or device-based authentication, to safeguard transactions against fraudulent activities. SCA enhances the overall security of payment processes and guarantees adherence to European payment regulations.

Strong Customer Authentication Exemptions

There are a few exceptions to SCA and some transactions that fall outside its scope, which let payment service providers skip the SCA rules for specific transactions. This can depend on factors like the risk level, the amount involved, or the payment method used. On the other hand, out-of-scope transactions are those that don't fall under the SCA requirements set by the Payment Services Directive 2 (PSD2).

Some of the more common exemptions from Strong Customer Authentication (SCA) are as follows,

  • Low-value transactions, which are those under a specified threshold (€30 or its equivalent).
  • Trusted beneficiaries, where payments made to previously approved recipients are not subject to SCA.
  • Recurring payments, which involve consistent amounts sent to the same recipient.
  • Secure corporate payments, referring to business transactions that have undergone risk assessment and comply with established security criteria.

The typical transactions that fall outside the scope include,

  • Mail-order or telephone-order (MOTO) transactions where the payment card is not physically present during the sale, requiring manual entry or reading from a document.
  • Offline transactions, which occur when a payment is processed without the card terminal being linked to the payment card issuer's network.
  • Low-risk transactions, which are classified as such according to the risk assessment conducted by the payment service provider.

Full guidance on exemptions can be found here (ukfinance.org.uk)

Strong Customer Authentication in Travel Payments

In the travel sector, financial transactions frequently involve substantial sums, international dealings, and a complicated network of airlines, hotels, and various service providers. This complexity necessitates robust security measures, with Strong Customer Authentication (SCA) being crucial in mitigating the risks associated with travel payments. The regulation enhances the security framework by mandating multi-factor authentication, which ensures that payments are only processed after confirming the customer's identity through at least two of the following three elements: something the customer knows (such as a password), something the customer possesses (like a mobile device), and something the customer is (including biometric identifiers like fingerprints or facial recognition).

Travel transactions frequently take place online, which heightens the risk of fraud, particularly through compromised card details or identity theft. By adopting Strong Customer Authentication (SCA), travel companies can significantly lower fraud incidents by introducing an additional security measure during online reservations and payments. Moreover, SCA compliance goes beyond safeguarding the business against financial losses from fraud; it also plays a crucial role in building customer trust and fulfilling regulatory requirements for seamless operations in Europe and the UK.

The travel sector encounters distinct challenges stemming from the diverse payment methods available, such as websites, mobile applications, call centers, and face-to-face bookings at airports or travel agencies. It is essential to implement Strong Customer Authentication (SCA) across these various channels without hindering the customer experience. For example, travel companies need to keep the booking process swift and seamless, especially for customers making last-minute flight or accommodation purchases. To meet these demands, many travel companies utilise exemptions like low-value transactions or trusted beneficiaries, which help minimise friction for reliable customers while ensuring security for higher-risk transactions.

The wide range of payment types in travel—from single bookings to recurring payments for subscription-based services like loyalty programs—means that SCA needs to be applied flexibly. Travel companies must determine where exemptions can be applied (e.g., recurring payments) and where the full SCA process is needed, such as high-value bookings or first-time customer transactions.

SCA is essential in safeguarding the integrity of travel payments, offering protection against fraud while ensuring that travel companies remain compliant with European and UK payment regulations. At the same time, travel businesses must strategically implement these measures to avoid adding friction to the customer experience, especially in an industry where convenience and speed are paramount.

Strong Customer Authentication Challenges

Implementing Strong Customer Authentication (SCA) in the travel sector presents numerous challenges, especially given the variety and intricacy of payment methods and customer engagements. Travel firms need to modify their current systems and payment workflows to meet SCA requirements while ensuring that transaction speed and convenience remain intact. This is vital in a dynamic industry where customers demand smooth experiences. Smaller enterprises may find this particularly challenging, as they often do not have the necessary resources or technical capabilities to quickly roll out multi-factor authentication across all platforms.

How Felloh can Help with Strong Customer Authentication

Felloh supports travel companies in complying with Strong Customer Authentication (SCA) requirements by integrating secure, multi-factor authentication methods into its payment processes. This ensures that businesses meet the regulatory standards set by PSD2, reducing fraud risks while maintaining a smooth customer experience. With Felloh, travel businesses can implement SCA without introducing unnecessary friction into the booking process, ensuring that transactions are both secure and seamless for their customers.

Join over 300 travel companies making payments simple with Felloh.

We are dedicated to making payments better for the travel industry
Felloh reconciliation illustrationFelloh payment orchestration illustration
Felloh dashboard illustration
RELATED TERMS