You have very likely heard about SCA (Stronger Customer Authentication). In short, this electronic payment authentication system is one of the main measures introduced by the European Directive 2015/2366 on payment services in the internal market, known as PSD2.
This directive comes into force with the aim of improving consumer protection, boosting competition and innovation in the industry, and enhancing security in the payments market. Therefore, in compliance with the directive, Shasta has implemented a new authentication system, with the aim of strengthening Shasta’s accounts and users’ payments.
But… what is SCA?
This is enhanced customer authentication, a new requirement called for by the European Union to reduce fraud and ensure greater security. It consists of requiring an additional step in the validation flow of certain financial transactions.
The SCA requires the use of three elements to authorise certain transactions:
- Element known to the user: PIN code or password.
- Element personal to the user: fingerprint or facial recognition, known as biometric identification.
- Element that the user possesses: phone or token.
This strong authentication not only benefits users but also merchants, and greatly reduces the possibility of fraudulent transactions.
The intention of PSD2 is to make SCA a requirement for all online card transactions where the buyer is present.
The regulation, which has already come into force in Spain, will also come into force in other EU countries, such as France, Germany and the UK, in March and September respectively.
When will this verification be required?
Double verification will be requested in the following cases:
- Online payments made by card by the user (within the EU).
- Bank transfers.
But there are also exceptions where it is not required, for example:
- Physical card payments.
- Low-risk payments.
- Non-consecutive transactions of less than €30.
- Fixed-amount subscriptions to the same entity.
- Transactions initiated by the merchant (e.g. subscriptions).
- Trusted payees.
How does the SCA apply to Shasta?
When you log in to the application for the first time (once installed), you must:
1. Sign up with the OTP* code that we will send you by SMS.
2. Register and enter your email address and verify it.
3. Generate a PIN code to access the application; it will be stored securely.
*One-Time Password (OTP) is a password valid for one authentication only.
If you are already registered, simply:
1. Enter the application with the OTP (code) that is sent to you by SMS or email.
Once set up, every time you want to open Shasta you will have to identify yourself with the PIN code (previously generated) or biometric identification (Face ID or fingerprint).
At the time of performing a transaction in the app
When you make an online payment or transfer, you must authorise the action with the second verification factor. Simply enter the PIN you set at log-in or provide the biometric factor. If the biometric factor cannot be guaranteed, the PIN will be required.