Strong Customer Authentication
aka SCA, two-factor authentication for payments
PSD2 requirement that electronic payments use two of three authentication factors: knowledge (PIN), possession (phone or token) and inherence (biometric). Applies to Irish card and bank payments.
Last reviewed April 2026
Definition
Strong Customer Authentication (SCA) is the PSD2 requirement that electronic payments be authenticated using at least two of three independent factors: something the customer knows (a password or PIN), something the customer possesses (a registered phone or hardware token), and something the customer is (a fingerprint, face or other biometric). Card payments online are typically authenticated using EMV 3-D Secure (3DS2), where the cardholder approves the transaction in their banking app or via a one-time code. Several exemptions exist - low-value transactions under EUR 30 (cumulative limits apply), recurring fixed-amount transactions after the first authenticated payment, merchant-initiated transactions, and trusted-beneficiary lists. SCA also applies to AIS and PIS connections under Open Banking and is the reason consent links typically need re-authentication every 180 days. Failure to apply SCA correctly shifts liability for fraudulent payments back to the merchant or to the payment service provider.
Why it matters for software choice
Ecommerce checkout, B2B subscriptions and recurring direct debits all interact with SCA differently. Payment processors that handle SCA exemptions intelligently (recognising recurring transactions, EUR 30 low-value, trusted beneficiaries) deliver materially higher checkout conversion than processors that 3DS-challenge every transaction.
Authority sources
- Central Bank of Ireland: Strong Customer Authentication (www.centralbank.ie)
- European Banking Authority: SCA RTS (www.eba.europa.eu)
Software categories this affects
Vendors covered by this term
Stripe Invoicing
Developer-friendly invoicing built on Stripe with SEPA support and per-invoice pricing
Revolut Business
EU-licensed business banking with Irish IBANs, SEPA Instant, and multi-currency accounts
Square POS
Free POS with 1.75% transaction fees and Irish IBAN payouts for retailers and cafes
Shopify POS
Unified online and in-store selling for Irish retailers with Shopify Payments in Ireland
Shopify
Managed Irish ecommerce platform with Shopify Payments, EUR pricing, and EU VAT handling
Related terms
Open Banking (PSD2)
EU regulatory framework that lets authorised third parties access bank account data (AIS) and initiate payments (PIS) on the customer's behalf. The basis for live bank feeds and payment-initiation tools.
SEPA Direct Debit
The standardised Euro pull-payment scheme covering all SEPA countries. A creditor with a Creditor Identifier and a signed mandate can debit the debtor's account in any participating bank using a pain.008 XML file.
SEPA Credit Transfer
Standard EUR-denominated bulk payment scheme used to pay suppliers, salaries and Revenue liabilities from Irish business bank accounts. Settlement within one business day across SEPA.