{"id":22881,"date":"2025-05-27T18:27:33","date_gmt":"2025-05-27T12:57:33","guid":{"rendered":"https:\/\/blog.razorpay.in\/blog\/?p=22881"},"modified":"2026-04-13T20:45:56","modified_gmt":"2026-04-13T15:15:56","slug":"what-is-strong-customer-authentication","status":"publish","type":"post","link":"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/","title":{"rendered":"What is Strong Customer Authentication: A Complete Guide"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">If you&#8217;re an Indian business looking to expand into the European market,or already serving EEA customers,understanding Strong Customer Authentication (SCA) is essential for seamless payments and compliance. Strong Customer Authentication (SCA) is a regulatory requirement under the Payment Services Directive 2 (PSD2) in Europe, aimed at reducing online fraud and making <\/span><span style=\"font-weight: 400;\">digital payments<\/span><span style=\"font-weight: 400;\"> more secure. In simple terms, SCA ensures that customers are who they say they are,by asking for more than just a password or card number during transactions.<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69f37aeec927b\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69f37aeec927b\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#What_Does_Strong_Customer_Authentication_Mean\" >What Does Strong Customer Authentication Mean?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Key_takeaways\" >Key takeaways<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Key_Changes_and_Impact_on_Businesses_of_SCA\" >Key Changes and Impact on Businesses of SCA<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#When_Do_You_Need_Strong_Customer_Authentication\" >When Do You Need Strong Customer Authentication?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#How_Strong_Customer_Authentication_Works_in_Practice\" >How Strong Customer Authentication Works in Practice<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Fraud_Liability_PSD2_and_Secure_Authentication_Protocols\" >Fraud Liability, PSD2, and Secure Authentication Protocols<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Exemptions_to_Strong_Customer_Authentication_Rules\" >Exemptions to Strong Customer Authentication Rules<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#What_Happens_If_an_Exemption_Is_Rejected\" >What Happens If an Exemption Is Rejected?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Potential_Challenges_and_Issues_with_Strong_Customer_Authentication\" >Potential Challenges and Issues with Strong Customer Authentication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Did_You_Know\" >Did You Know?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Conclusion\" >Conclusion<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Ready_to_Make_SCA_Compliance_Effortless\" >Ready to Make SCA Compliance Effortless?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/razorpay.com\/blog\/what-is-strong-customer-authentication\/#Frequently_Asked_Questions_FAQs\" >Frequently Asked Questions (FAQs)<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"What_Does_Strong_Customer_Authentication_Mean\"><\/span><b>What Does Strong Customer Authentication Mean?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Strong Customer Authentication (SCA) is a security requirement that ensures customers prove their identity using at least two independent authentication factors before completing electronic payments. This multi-layered approach significantly reduces fraud risk by making it much harder for unauthorised users to complete transactions.<\/span><\/p>\n<div style=\"border-left: 4px solid #0073aa; background: #f0f8ff; padding: 15px; margin: 20px 0; border-radius: 5px;\">\n<h2 style=\"color: #0073aa; font-size: 18px; margin: 0 0 8px 0; display: inline-block;\"><span class=\"ez-toc-section\" id=\"Key_takeaways\"><\/span>Key takeaways<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"display: inline-block; margin: 0 0 0 10px; padding-left: 18px; vertical-align: top;\">\n<li>SCA requires two-factor authentication for electronic payments in the EEA using knowledge, possession, or inherence factors<\/li>\n<li>Multiple exemptions exist for low-value transactions, recurring payments, and trusted merchants to reduce friction<\/li>\n<li>3D Secure 2 is the primary solution for online SCA compliance, shifting fraud liability from merchants to banks<\/li>\n<li>Indian businesses serving EEA customers must ensure their payment providers support SCA-compliant flows<\/li>\n<li>Proper implementation balances security and user experience through smart exemption strategies and fallback authentication<\/li>\n<\/ul>\n<\/div>\n<p><span style=\"font-weight: 400;\">If you&#8217;re an Indian business looking to expand into the European market,or already serving EEA customers,understanding Strong Customer Authentication (SCA) is essential for seamless payments and compliance. Strong Customer Authentication (SCA) is a regulatory requirement under the Payment Services Directive 2 (PSD2) in Europe, aimed at reducing online fraud and making <\/span><a href=\"https:\/\/razorpay.com\/learn\/digital-payments-india-definition-methods-importance\/\"><span style=\"font-weight: 400;\">digital payments<\/span><\/a><span style=\"font-weight: 400;\"> more secure. In simple terms, SCA ensures that customers are who they say they are,by asking for more than just a password or card number during transactions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Think of it as an extra layer of protection, especially for electronic payments, whether they&#8217;re made online or in-store. The goal? To make sure the person initiating a payment is the actual account holder.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To comply with SCA, a payment must include at least two of the following three authentication factors:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Knowledge: Something only the user knows (e.g., a password or PIN)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Possession: Something only the user has (e.g., a mobile device or hardware token)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Inherence: Something the user <\/span><i><span style=\"font-weight: 400;\">is<\/span><\/i><span style=\"font-weight: 400;\"> (e.g., fingerprint or facial recognition)<\/span><\/li>\n<\/ul>\n<h3><b>Comparison of Authentication Methods<\/b><\/h3>\n<table>\n<tbody>\n<tr>\n<td><b>Authentication Method<\/b><\/td>\n<td><b>Security Level<\/b><\/td>\n<td><b>User Experience<\/b><\/td>\n<td><b>SCA Compliance<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Password + SMS OTP<\/span><\/td>\n<td><span style=\"font-weight: 400;\">High<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Moderate friction<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Compliant<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Biometric (fingerprint\/face)<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Very High<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Seamless<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Compliant<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Push notification + PIN<\/span><\/td>\n<td><span style=\"font-weight: 400;\">High<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Low friction<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Compliant<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Password only<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Low<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Seamless<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Not compliant<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">This requirement is mandatory for most electronic payments in the European Economic Area (EEA) and is enforced by banks and payment providers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Example: When a customer in the EU tries to make an online card payment, they might receive a one-time password (OTP) on their phone (possession), enter a PIN they know (knowledge), or verify using their fingerprint (inherence). This layered security approach makes it harder for fraudsters to bypass authentication,even if they get hold of card details.<\/span><\/p>\n<h3><b>Strong Customer Authentication Example<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Let&#8217;s look at how SCA works in a real-world scenario:<\/span><\/p>\n<p><b>Scenario:<\/b><span style=\"font-weight: 400;\"> You&#8217;re an Indian exporter selling handcrafted goods to customers in Germany through your e-commerce website. A customer in Berlin wants to purchase a \u20b915,000 order using their debit card.<\/span><\/p>\n<p><b>Here&#8217;s what happens:<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Customer initiates payment:<\/b><span style=\"font-weight: 400;\"> They enter their card details on your checkout page and click &#8220;Pay Now&#8221;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SCA triggers:<\/b><span style=\"font-weight: 400;\"> Because both the merchant (you) and the customer&#8217;s bank are within the EEA scope, SCA is required<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>First factor,Knowledge:<\/b><span style=\"font-weight: 400;\"> The customer is redirected to their bank&#8217;s authentication page, where they enter their online banking password<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Second factor,Possession:<\/b><span style=\"font-weight: 400;\"> The bank sends a one-time passcode (OTP) to the customer&#8217;s registered mobile phone<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Customer completes authentication:<\/b><span style=\"font-weight: 400;\"> They enter the OTP within the time limit<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Payment approved:<\/b><span style=\"font-weight: 400;\"> Once both factors are verified, the payment is authorised and you receive confirmation<\/span><\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"Key_Changes_and_Impact_on_Businesses_of_SCA\"><\/span><b>Key Changes and Impact on Businesses of SCA<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">SCA has fundamentally changed how businesses process payments in the EEA. The main impacts include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enhanced Authentication Requirements:<\/span><span style=\"font-weight: 400;\"> All customer-initiated electronic payments now require multi-factor authentication<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Operational Changes:<\/span><span style=\"font-weight: 400;\"> Businesses must integrate SCA-compliant payment flows and handle authentication failures<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Compliance Obligations:<\/span><span style=\"font-weight: 400;\"> Non-compliance can result in payment declines and potential regulatory penalties<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Customer Experience Impact:<\/span><span style=\"font-weight: 400;\"> Additional authentication steps may increase checkout friction but significantly reduce fraud<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">For Indian businesses, this means ensuring your payment infrastructure can handle SCA requirements when serving European customers, or risk losing sales due to declined transactions.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"When_Do_You_Need_Strong_Customer_Authentication\"><\/span><b>When Do You Need Strong Customer Authentication?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Strong Customer Authentication (SCA) applies to customer-initiated electronic payments within the European Economic Area (EEA). This includes both <\/span><a href=\"https:\/\/razorpay.com\/learn\/what-is-online-transaction\/\"><span style=\"font-weight: 400;\">online transactions<\/span><\/a><span style=\"font-weight: 400;\"> (like purchasing on an e-commerce site) and offline <\/span><a href=\"https:\/\/razorpay.com\/blog\/what-is-contactless-payment\/\"><span style=\"font-weight: 400;\">contactless payments<\/span><\/a><span style=\"font-weight: 400;\"> (such as tapping a card at a POS terminal).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here are the most common scenarios where SCA is required:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Online card payments made by customers in the EEA<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Adding a new beneficiary or initiating a bank transfer via online banking<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Contactless in-store payments after certain limits are crossed (e.g., cumulative amount or number of transactions)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">However, SCA is not required in all cases. There are several important exemptions and edge cases:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Merchant-initiated transactions (MITs): These are payments made without the customer actively involved,like subscriptions or <\/span><a href=\"https:\/\/razorpay.com\/blog\/what-is-recurring-billing\/\"><span style=\"font-weight: 400;\">recurring billing<\/span><\/a><span style=\"font-weight: 400;\"> after the initial authentication.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Low-value transactions: Payments below \u20ac30 may be exempt unless a threshold is exceeded.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Trusted beneficiaries: If a customer has whitelisted a merchant, future payments to that merchant might bypass SCA.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Corporate payments made using secure, dedicated payment processes.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Transactions where either the cardholder or merchant is outside the EEA: SCA typically doesn&#8217;t apply to these cross-border scenarios.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Note for Indian Businesses:<\/span><span style=\"font-weight: 400;\"> If you&#8217;re serving customers in the EEA, Razorpay ensures your payments are processed without compliance hiccups. Our platform automatically supports SCA-compliant flows, so your transactions go through smoothly,every time.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_Strong_Customer_Authentication_Works_in_Practice\"><\/span><b>How Strong Customer Authentication Works in Practice<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Strong Customer Authentication works by requiring customers to verify their identity using two or more authentication factors during payment. For online payments, this typically involves 3D Secure 2 protocols, while offline payments use chip-and-PIN or biometric verification methods.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Authenticating a card payment under SCA depends on whether the transaction happens online or in person.<\/span><\/p>\n<h3><b>SCA Requirements (The 2-out-of-3 Rule)<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">To meet SCA compliance, you must authenticate your customers using at least two factors from three distinct categories. This is known as the &#8220;2-out-of-3 rule&#8221;-and it&#8217;s crucial that these factors remain independent of each other.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here&#8217;s what that means in practice:<\/span><\/p>\n<p><b>Independent Factors:<\/b><span style=\"font-weight: 400;\"> If one authentication method is compromised, it shouldn&#8217;t affect the others. For example, if a fraudster steals your password (knowledge), they still can&#8217;t access your account without your phone (possession) or fingerprint (inherence).<\/span><\/p>\n<p><b>Minimum Two Factors:<\/b><span style=\"font-weight: 400;\"> You can&#8217;t use two factors from the same category. For instance, using both a password and a security question wouldn&#8217;t qualify, as both are &#8220;knowledge&#8221; factors. You need factors from different categories,such as a password (knowledge) plus a fingerprint scan (inherence).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This multi-layered approach is what makes SCA significantly more secure than traditional password-only authentication. Even if fraudsters obtain one piece of information, they&#8217;re still blocked from completing fraudulent transactions without the second factor.<\/span><\/p>\n<h3><b>For Online Payments:<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The most common method is <\/span><a href=\"https:\/\/razorpay.com\/learn\/what-is-3d-secure\/\"><span style=\"font-weight: 400;\">3D Secure<\/span><\/a><span style=\"font-weight: 400;\">, specifically 3D Secure 2 (3DS2),an updated protocol that supports SCA and offers a better user experience. Here&#8217;s how it works:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Customer initiates payment on an e-commerce site.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">They are prompted to authenticate via:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">OTP sent to a registered device (knowledge + possession)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Fingerprint or face scan if using Apple Pay or Google Pay (inherence)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Push notification from their banking app<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Once authentication is successful, the payment is completed.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Many modern payment providers,like Stripe, <\/span><a href=\"https:\/\/razorpay.com\/\"><span style=\"font-weight: 400;\">Razorpay<\/span><\/a><span style=\"font-weight: 400;\">, or Adyen,have built-in authentication flows to make this process smooth. For example, they allow biometric verification through platforms like Apple Pay, which satisfies SCA without adding friction.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td>\n<h3><b>Why Choose Razorpay for SCA Compliance?<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Seamless SCA flows tailored for Indian exporters and merchants<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Real-time updates to keep you ahead of compliance changes<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Dedicated support for cross-border transactions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Simple, secure integration for Indian businesses of all sizes<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/razorpay.com\/payment-gateway\/\"><span style=\"font-weight: 400;\">Learn how Razorpay helps Indian businesses expand globally<\/span><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><b>For Offline Payments:<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">For in-person card payments, authentication typically involves:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Inserting the card and entering a PIN (knowledge + possession)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Contactless transactions, which may skip SCA for small amounts but trigger authentication after set thresholds.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Fraud_Liability_PSD2_and_Secure_Authentication_Protocols\"><\/span><b>Fraud Liability, PSD2, and Secure Authentication Protocols<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">When transactions are SCA-compliant, fraud liability shifts from merchants to the cardholder&#8217;s bank, providing significant protection for businesses. Secure authentication protocols like 3D Secure 2 not only ensure compliance but also reduce chargeback risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">SCA doesn&#8217;t just enhance <\/span><a href=\"https:\/\/razorpay.com\/blog\/payment-security-types-explained\/\"><span style=\"font-weight: 400;\">payment security<\/span><\/a><span style=\"font-weight: 400;\">,it also shifts the liability for certain types of fraud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When a transaction is SCA-compliant, the responsibility for unauthorised payment disputes lies with the cardholder&#8217;s bank, not the merchant. This reduces your risk as a business owner, especially for online transactions.<\/span><\/p>\n<h3><b>Why 3D Secure Matters:<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">3D Secure 2 is the go-to solution for meeting SCA requirements in online card payments.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">It helps authenticate the cardholder, reducing fraud and boosting trust.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">It also protects merchants by transferring liability to the issuer bank if the transaction meets SCA standards.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">So, beyond compliance, using <\/span><a href=\"https:\/\/razorpay.com\/blog\/3ds-2-0-and-what-it-means-for-indian-exporters\/\"><span style=\"font-weight: 400;\">3DS2<\/span><\/a><span style=\"font-weight: 400;\"> helps lower <\/span><a href=\"https:\/\/razorpay.com\/blog\/what-is-a-chargeback\/\"><span style=\"font-weight: 400;\">chargeback<\/span><\/a><span style=\"font-weight: 400;\"> risks and improve fraud protection,critical for high-volume online businesses.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Exemptions_to_Strong_Customer_Authentication_Rules\"><\/span><b>Exemptions to Strong Customer Authentication Rules<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Not all transactions require Strong Customer Authentication. The regulation allows specific exemptions based on risk level, transaction amount, or type of payment. These exemptions help maintain a smooth customer experience without compromising security.<\/span><\/p>\n<h3><b>Real-Time Risk Analysis and Transaction Monitoring<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Real-time risk analysis (Transaction Risk Analysis or TRA) is a sophisticated system that evaluates the fraud risk of each transaction in real-time. Payment providers use machine learning algorithms and historical data to assess factors like:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Customer behavior patterns<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Device fingerprinting<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Transaction amount and frequency<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Merchant risk profile<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Based on this analysis, low-risk transactions may be exempted from SCA, while high-risk transactions require full authentication. The effectiveness of TRA depends on the payment provider&#8217;s fraud rate,lower fraud rates allow for higher exemption thresholds.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That said, banks and <\/span><a href=\"https:\/\/razorpay.com\/learn\/what-is-a-card-issuer\/\"><span style=\"font-weight: 400;\">card issuers<\/span><\/a><span style=\"font-weight: 400;\"> ultimately decide whether to accept an exemption. As a merchant, you can request an exemption, but you&#8217;ll need to support full authentication if it&#8217;s denied.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s break down the most common SCA exemptions:<\/span><\/p>\n<h3><b>1. Transactions with Low Risk<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">If a transaction has a low risk of fraud, and the payment provider or bank has robust fraud monitoring systems, SCA can be skipped. This is known as Transaction Risk Analysis (TRA).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For transactions up to \u20ac100, payment providers must maintain a <\/span><a href=\"https:\/\/api-handbook.fca.org.uk\/files\/instrument\/TECHNICAL%20STANDARD\/FCA%202025\/62-2026-03-19.pdf\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">fraud rate of 0.13 percent or lower<\/span><\/a><span style=\"font-weight: 400;\"> to utilise the TRA exemption, while for transactions up to \u20ac250 the threshold tightens to 0.06 percent, and for transactions up to \u20ac500 the threshold requires maintaining a fraud rate of 0.01 percent or lower.<\/span><\/p>\n<h3><b>2. Small Payments Under \u20ac30\/\u00a325<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Payments below \u20ac30 or \u00a325 may not require SCA.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">However, SCA will be triggered if:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">More than five consecutive low-value transactions are made without authentication, or<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The total value of exempted transactions exceeds \u20ac100.<\/span><\/li>\n<\/ul>\n<h3><b>3. Regular Recurring Payments<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Fixed-amount subscriptions (like Netflix or Spotify) are typically exempt after the first transaction, which requires SCA.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Subsequent payments of the same amount and recipient can skip authentication.<\/span><\/p>\n<h3><b>4. Merchant-Initiated Payments (e.g., Variable Subscriptions)<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">These are payments initiated by the merchant, not the customer, like metered billing or top-ups.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">They&#8217;re exempt as long as the initial setup involved SCA and the customer agreed to it.<\/span><\/p>\n<h3><b>5. Phone Orders and Mail Orders (MOTO Payments)<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">MOTO payments are not subject to SCA because they aren&#8217;t considered electronic transactions initiated by the customer.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">These should be flagged properly in the <\/span><a href=\"https:\/\/razorpay.com\/blog\/what-is-a-payment-request\/\"><span style=\"font-weight: 400;\">payment request<\/span><\/a><span style=\"font-weight: 400;\"> to avoid declines.<\/span><\/p>\n<h3><b>6. Business or Corporate Payments<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Payments made through secure corporate payment systems (like lodge cards or virtual cards used by travel agents) may be exempt.<\/span><\/p>\n<h3><b>7. Payments to Trusted Merchants<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Customers can whitelist a merchant with their bank. Once a business is marked as &#8220;trusted&#8221;, future payments may not require SCA.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Note: Only the bank can manage this list, not the merchant.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_Happens_If_an_Exemption_Is_Rejected\"><\/span><b>What Happens If an Exemption Is Rejected?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If an SCA exemption is rejected by the bank, the customer must complete full authentication to proceed with the payment. Your business should implement fallback flows that seamlessly guide customers through the authentication process without causing transaction abandonment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Even if a transaction qualifies for an exemption, the bank or issuer has the final say. If they decline the exemption, SCA is required to complete the payment.<\/span><\/p>\n<h3><b>What should businesses do?<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement fallback flows: Make sure your checkout experience can seamlessly handle both exempted and authenticated transactions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Communicate clearly: If extra steps are required, inform customers why, so they don&#8217;t drop off.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use modern payment providers: Platforms like Razorpay or Stripe automatically handle exemptions and re-route users to authentication if needed,minimising friction.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Potential_Challenges_and_Issues_with_Strong_Customer_Authentication\"><\/span><b>Potential Challenges and Issues with Strong Customer Authentication<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">While SCA significantly enhances payment security, it can introduce several challenges for businesses and customers:<\/span><\/p>\n<div style=\"border-left: 4px solid #0073aa; background: #f0f8ff; padding: 15px; margin: 20px 0; border-radius: 5px;\">\n<h2 style=\"color: #0073aa; font-size: 18px; margin: 0;\"><span class=\"ez-toc-section\" id=\"Did_You_Know\"><\/span>Did You Know?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"margin-top: 10px;\"><i><span style=\"font-weight: 400;\">Payment service users bore about 85% of total fraud losses for credit transfers in 2024, mainly due to scams tricking them into authorising fraudulent transactions.<\/span><\/i><span style=\"font-size: 19px; background-color: #ffffff;\">\u00a0<\/span><\/p>\n<\/div>\n<h3><b>Common Challenges:<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Common challenges include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Increased Cart Abandonment:<\/span><span style=\"font-weight: 400;\"> Additional authentication steps can cause customers to abandon purchases<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">False Declines:<\/span><span style=\"font-weight: 400;\"> Research shows <\/span><a href=\"https:\/\/okaythis.com\/blog\/the-challenge-of-card-declines-with-sca\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">99 percent of merchants experienced increased payment declines<\/span><\/a><span style=\"font-weight: 400;\"> following SCA implementation, with the average merchant seeing a 37 percent increase in declined transactions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Technical Complexity:<\/span><span style=\"font-weight: 400;\"> Implementing multiple authentication methods and fallback flows requires significant development resources<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Customer Education:<\/span><span style=\"font-weight: 400;\"> Users may not understand why additional steps are required, leading to confusion and support requests<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mobile Experience Issues:<\/span><span style=\"font-weight: 400;\"> Authentication flows can be particularly challenging on mobile devices<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Successful SCA implementation requires careful planning, robust testing, and ongoing optimization to minimize these challenges while maintaining compliance.<\/span><\/p>\n<h3><b>Mitigation Strategies:<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement seamless authentication methods like biometrics where possible<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Provide clear communication about security benefits<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use intelligent exemption strategies to reduce unnecessary friction<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Partner with payment providers that offer optimized SCA flows<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><b>Conclusion<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Strong Customer Authentication is a critical layer of security that protects both businesses and customers from <\/span><a href=\"https:\/\/razorpay.com\/blog\/online-payment-fraud-and-risk-mitigation\/\"><span style=\"font-weight: 400;\">online payment fraud<\/span><\/a><span style=\"font-weight: 400;\">. While compliance is mandatory in the EEA, the right use of exemptions can strike a balance between security and seamless checkout.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Razorpay helps Indian businesses stay ahead of compliance requirements while ensuring smooth payment experiences for their global customers. By working with Razorpay, which supports smart authentication flows, businesses can stay compliant without compromising on user experience.<\/span><\/p>\n<div style=\"background: #f5faff; border-radius: 14px; padding: 28px 24px; text-align: center; margin: 0; box-shadow: 0 8px 20px rgba(26,115,232,0.08);\">\n<h2 style=\"color: #1a73e8; font-size: 24px; font-weight: bold; margin: 0 0 10px 0;\"><span class=\"ez-toc-section\" id=\"Ready_to_Make_SCA_Compliance_Effortless\"><\/span><strong>Ready to Make SCA Compliance Effortless?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"color: #444; font-size: 16px; max-width: 720px; margin: 0 auto 16px auto; line-height: 1.6;\">Discover how Razorpay can help your business process payments in<br \/>\nthe EEA with seamless SCA compliance and zero hassle.<\/p>\n<p><a style=\"display: inline-block; background: #1a73e8; color: #ffffff; padding: 14px 26px; font-size: 16px; font-weight: bold; border-radius: 10px; text-decoration: none;\" href=\"https:\/\/razorpay.com\/payment-gateway\/\">Get Started with Razorpay<\/a><span style=\"font-size: 19px; background-color: #ffffff;\">\u00a0<\/span><\/p>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions_FAQs\"><\/span><b>Frequently Asked Questions (FAQs)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. What is strong authentication?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Strong authentication is a security process that requires users to provide two or more verification factors from different categories (knowledge, possession, inherence) to prove their identity. It&#8217;s designed to be significantly more secure than single-factor authentication methods like passwords alone.<\/span><\/p>\n<h3><b>2. What is the difference between strong customer authentication and 3D Secure?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Strong Customer Authentication (SCA) is the regulatory requirement under PSD2, while 3D Secure is one of the technical protocols used to implement SCA for online card payments. 3D Secure 2.0 is specifically designed to meet SCA requirements and provides a better user experience than the original 3D Secure protocol.<\/span><\/p>\n<h3><b>3. What are examples of strong authentication methods?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Common examples include SMS OTP + password, fingerprint + PIN, facial recognition + device possession, push notifications + biometrics, and hardware tokens + passwords. Each method combines at least two different authentication factors.<\/span><\/p>\n<h3><b>4. How does Strong Customer Authentication impact online payments?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">SCA adds an extra layer of security, requiring customers to verify themselves with two or more factors during checkout. This reduces fraud but can add friction if not implemented well.<\/span><\/p>\n<h3><b>5. What are the elements of Strong Customer Authentication?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">SCA requires at least two out of three of the following:<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Knowledge (something the customer knows \u2013 e.g., password or PIN)<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Possession (something the customer has \u2013 e.g., phone or card)<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Inherence (something the customer is \u2013 e.g., fingerprint or facial recognition)<\/span><\/p>\n<h3><b>6. How do I set up Strong Customer Authentication on my website?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Use a payment gateway that supports SCA (like Razorpay or Stripe). Ensure your checkout flow supports 3D Secure 2, fallback options, and exemption handling.<\/span><\/p>\n<h3><b>7. Who needs to comply with SCA regulations?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Any business processing electronic payments initiated by customers within the EEA must comply with SCA. This includes e-commerce sites, apps, and service providers.<\/span><\/p>\n<h3><b>8. Does SCA apply to all online transactions?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">No. Exemptions apply for low-risk transactions, small amounts, recurring payments, and more. However, banks can still require authentication, even if an exemption is requested.<\/span><\/p>\n<h3><b>9. What happens if an SCA exemption fails?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The customer will be prompted to complete authentication using methods like OTP or biometrics. If they fail to authenticate, the payment may be declined.<\/span><br \/>\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"FAQPage\",\n  \"mainEntity\": [\n    {\n      \"@type\": \"Question\",\n      \"name\": \"What is strong authentication?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Strong authentication is a security process that requires users to provide two or more verification factors from different categories (knowledge, possession, inherence) to prove their identity. It's designed to be significantly more secure than single-factor authentication methods like passwords alone.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"What is the difference between strong customer authentication and 3D Secure?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Strong Customer Authentication (SCA) is the regulatory requirement under PSD2, while 3D Secure is one of the technical protocols used to implement SCA for online card payments. 3D Secure 2.0 is specifically designed to meet SCA requirements and provides a better user experience than the original 3D Secure protocol.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"What are examples of strong authentication methods?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Common examples include SMS OTP + password, fingerprint + PIN, facial recognition + device possession, push notifications + biometrics, and hardware tokens + passwords. Each method combines at least two different authentication factors.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"How does Strong Customer Authentication impact online payments?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"SCA adds an extra layer of security, requiring customers to verify themselves with two or more factors during checkout. This reduces fraud but can add friction if not implemented well.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"What are the elements of Strong Customer Authentication?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"SCA requires at least two out of three of the following:\\nKnowledge (something the customer knows \u2013 e.g., password or PIN)\\nPossession (something the customer has \u2013 e.g., phone or card)\\nInherence (something the customer is \u2013 e.g., fingerprint or facial recognition)\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"How do I set up Strong Customer Authentication on my website?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Use a payment gateway that supports SCA (like Razorpay or Stripe). Ensure your checkout flow supports 3D Secure 2, fallback options, and exemption handling.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Who needs to comply with SCA regulations?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Any business processing electronic payments initiated by customers within the EEA must comply with SCA. This includes e-commerce sites, apps, and service providers.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Does SCA apply to all online transactions?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"No. Exemptions apply for low-risk transactions, small amounts, recurring payments, and more. However, banks can still require authentication, even if an exemption is requested.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"What happens if an SCA exemption fails?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"The customer will be prompted to complete authentication using methods like OTP or biometrics. If they fail to authenticate, the payment may be declined.\"\n      }\n    }\n  ]\n}\n<\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re an Indian business looking to expand into the European market,or already serving EEA customers,understanding Strong Customer Authentication (SCA) is essential for seamless payments and compliance. Strong Customer Authentication (SCA) is a regulatory requirement under the Payment Services Directive 2 (PSD2) in Europe, aimed at reducing online fraud and making digital payments more secure.<\/p>\n","protected":false},"author":129,"featured_media":23628,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[26],"tags":[1033,1030,1032,1031],"class_list":{"0":"post-22881","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-payments","8":"tag-authentication","9":"tag-customer-authentication","10":"tag-sca-authentication","11":"tag-strong-customer-authentication"},"_links":{"self":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/22881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/users\/129"}],"replies":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/comments?post=22881"}],"version-history":[{"count":5,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/22881\/revisions"}],"predecessor-version":[{"id":26647,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/22881\/revisions\/26647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/media\/23628"}],"wp:attachment":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/media?parent=22881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/categories?post=22881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/tags?post=22881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}