On September 14, 2019, new regulation has mandated Strong Customer Authentication (SCA) for many online payments in the European Economic Area (EEA), including the UK. SCA is part of the second Payment Services Directive (PSD2).
With SCA, a form of two-factor authentication is now required for many online card payments in Europe. Without authentication, many payments will be declined by your bank.
Traditional card payments usually involve two steps: authorization and capture. A payment is authorized when your bank or card issuer decides to approve a payment, and the payment is captured when the card is charged.
With SCA, there is now an additional and mandatory step before authorization and capture: authentication. This step helps protect you by preventing fraud. To authenticate a payment, you have to respond to a prompt from your bank and provide additional information. This may be something you know, like a password, something you use, like your phone, or something that’s part of who you are, like your fingerprint.