What is strong customer authentication, and why should you care?


If you accept contactless cards or online payments, you should have strong customer authentication.

Woman looking confused at her phone with her card payment in other hand

If not, you may have a large number of contactless and online payments being declined.


That’s because you might not meet the new security requirements of strong customer authentication.


In this blog, we look at the significance of strong customer authentication for contactless and online payments and what it means for businesses.

What is strong customer authentication?


You might have already heard of strong customer authentication in another guise - two factor authentication.


Essentially it requires a customer’s bank to carry out extra checks to confirm a customer’s identity and be sure it’s them trying to make the purchase.


Strong customer authentication has actually been around since 2019, but it’s only this year the stricter security measures became mandatory.


It forms part of the second Payment Services Directive (PSD2), adding additional layers of security to electronic payments.


While part of an EU security policy that will affect the European Economic Area, it is still in force (and is likely to remain so) in the UK.

Person holding phone and payment card

Person sat down with laptop typing with payment card in other hand

What does strong customer authentication require?


Strong customer authentication requires the customer to carry out two or three potential tasks to confirm their ID during a purchase.


These are:

1 - Enter a password or PIN - this already happens occasionally when customers pay using a contactless card.


2 - Enter a one time passcode (OTP) - again, customers will already be familiar with this as banks have been using it to confirm bank transactions (like money transfers) for years.


3 - Use their biometric data - this has already been used by users of mobile wallets on smart devices as a customer is required to use their fingerprint or facial scan to authorise a payment using their smartphone.

What do you need to do as a business?


Strong customer authentication is more an issue for your business bank provider than you as the business, as the bank is required to carry out the ID checks.


However, if the SCA requirements aren’t set up for you, your customer may not be able to complete a purchase because they can’t complete the additional ID checks.


This means you should contact your business bank and ensure all the necessary steps have been taken to use the checks.


Your customer may be asked to enter their PIN into the card machine for in-store payments while using contactless.


Online, customers could be required to request a one time passcode to confirm the payment, or they could be required to enter their biometric data if trying to pay online via mobile.

Hospitality staff member at work using a touch device

Benefit from secure contactless card payments


Strong customer authentication is a significant step in making contactless payments even more secure and protecting customers (and you as the business) from payment fraud.


It’s essential that everything is in place for customers to complete the additional ID checks, or you could start to see more transactions declined.


Suppose you have noticed more contactless transactions being declined and customers unable to complete purchases.

In that case, it could be worth contacting your business bank to ensure everything is set up to comply with strong customer authentication.


If you’re interested in finding out how you can get a better deal from your contactless card machine, find out more

Financial disclaimer:

Terminal hire contracts are provided by Merchant Rentals Limited, who is authorised and regulated in the UK by the Financial Conduct Authority (FCA) for Consumer Hire under FRN 720500. Terminal hire can be for consumer hire and non-regulated hire contracts. Please check your contract carefully for details. Regulation of all consumer hire fall under the control of the FCA.

Handepay Ltd is authorised and regulated by the FCA for Consumer Credit under FRN 673564. Handepay is a credit broker for consumer hire not a lender.

Handepay acts as an introducer of card acquiring services on behalf of EVO Payments UK, the card acquiring service provider. EVO Payments UK is the trading name of EVO Payments UK Ltd, a payment institution that is authorised and regulated by the Financial Conduct Authority (FRN number 959332).

Existing Cards Businesses- The one-month rolling terminal hire contract from Merchant Rentals is only available to businesses that are switching from their current acquirer to EVO Payments UK arranged through Handepay.

New to Cards Businesses- The 12-month terminal hire contract from Merchant Rentals is only available to businesses that are new to card payments and wish to receive acquiring services from EVO Payments UK, arranged through Handepay.

The Next Day Banking Settlement service provided by EVO Payments UK incurs an additional fee of £4 a month on top of your acquiring service charges and fees. Provided your card machine performs a reconciliation before 12am (midnight), you’ll receive settlement of funds the next banking day.

Editorial disclaimer:

The information we provide does not constitute financial advice and might not apply to your business. Always carry out research into your business’ needs when choosing a new merchant services provider.

Sometimes, we link to other third-party websites to provide you with additional information. At the time of publication, we consider the information accurate, however, we do not have control over their content and are not responsible if any information on these websites change.

The products we display on our website are for illustrative purposes only - if your business requires additional facilities, you may receive a different model than advertised.

All of the information contained on this website, including fees, services and functionality, are correct at time of publishing. E&OE.