SCA Toolkit | Judopay

What is Strong Customer Authentication?

SCA is a legal requirement in the EU, which came into force in the UK and EU from 31 December 2020 and in the UK from 14 March 2022. As consumers continue to buy more goods and services online, there's been a growing need for an additional layer of security that protects both the consumer and merchant from falling victim to fraud. This new regulation ensures that an additional security layer is added to most online payment flows.

What is PSD2?

The Regulation
The Payment Service Directive is a European regulation designed to make online payments more secure, improve customer rights and enable third-party access to account information.

What is SCA?

The Requirement
Strong Customer Authentication is a requirement of PSD2, designed 'to make online payments more secure'. It asks businesses to use 2 authentication elements to verify online payments.

What is 3DS2?

The Solution
3D Secure 2 is an authentication protocol for SCA. It adds an additional layer of security during online transactions to help ensure that the cardholder and the person making the purchase, match.

What is PSD2?

The Regulation
The Payment Service Directive is a European regulation designed to make online payments more secure, improve customer rights and enable third-party access to account information.

What is SCA?

The Requirement
Strong Customer Authentication is a requirement of PSD2, designed 'to make online payments more secure'. It asks businesses to use 2 authentication elements to verify online payments.

What is 3DS2?

SCA requires online payments to have an extra layer of security.

Customer initiates payment.

The customer starts the transaction on your website or in your app.

NEW

Authentication check.

If the issuer is satisfied that the cardholder is the person making the purchase they'll authenticate the payment . If not, they'll ask the cardholder for some extra input.

Payment completed.

Once the issuer is satisfied, they'll authorise the payment.

FAQs

While we'll continue to update this toolkit, if you have any additional questions that are not covered here, email us at help@judopay.com.

How can I enable 3DS on my API keys?

If it is your first time integrating 3D Secure, you will need to ensure you have an API application key (token and secret) enabled for 3D Secure. Please contact help@judopay.com to get this configured on your account.

Can I accept 3DS payments with Amex?

Amex 3DS enrollment can take up to 8 business days but if your MID is activated already you can process payments without 3DS.

Can Judopay block non-3DS payments?

We're currently unable to block or reject non-3DS payments. If the card is not enrolled with 3DS, authentication is not requested and the transaction is processed as normal. In these cases we flag the transaction with the issuer as "3DS attempted but not enrolled". However, for cards that are enrolled in 3DS, if the cardholder does not pass the authentication stage, the payment fails.

Customer authentication to reduce fraud

Having the right authentication solution for your business ultimately means improving your authorisation rates and reducing your fraud exposure, all while providing a great customer experience.

What is Strong Customer Authentication?

What is PSD2?

What is SCA?

What is 3DS2?

What is PSD2?

What is SCA?

What is 3DS2?

SCA requires online payments to have an extra layer of security.

Customer initiates payment.

Authentication check.

Payment completed.

An introduction to Strong Customer Authentication (SCA)

FAQs

How can I enable 3DS on my API keys?

Can I accept 3DS payments with Amex?

Can Judopay block non-3DS payments?