“SCA” Strong Customer Authentication and “Geoblocking”

“SCA” Strong Customer Authentication and “Geoblocking”

– Notes for our creditPass customers –


The SCA is a new security requirement resulting from the overall complex of the European “PSD2” (Payment Service Directive). This is intended to increase the security of payment transactions across the EU, ensure standardization and enable further competition. The conversion of the European directive into direct national law took place legally in Germany on January 13, 2018 on the basis of a Bundestag resolution on the implementation of the Second Payment Services Directive ZDUG of June 1, 2017. The subject of “strong customer authentication” was then included.


In the opinion of various legal experts, unambiguous regulations, including those relating to exceptions, are not yet conclusively available. However, it can be noted:


  • The SCA is initially intended for card payments and in particular for credit cards .
  • Users will probably have to identify themselves with two additional factors that have nothing to do with the card by September 2019 at the latest. This means that the previous factors, card number and CVC code, are not only insufficient, but cannot even be used more than one of the two necessary factors.
  • How the credit card payment should be made from then on (additional password, biometric features, etc.) is currently being discussed and prepared.
  • Exempt from SCA for credit card payments are presumably a) small payment amounts up to EUR 100, -, b) low-risk transactions based on low verifiable fraud rates with the credit card acquirer, c) Traders who are whitelisted by the banks (funny, the banks have somehow successfully secured a regulatory benefice again), d) non-European CC transactions and e) corporate credit cards.
  • For the time being, direct debits are not included.


The name “Geoblocking” is made up of “Geo” (place of origin) and “Blocking” (blocking). The blanket blocking of certain regions from the free movement of goods, people, services and information is not in the interests of the common internal market. Regulation (EU) 2018/302 aims to end unjustified discrimination in online purchases on the basis of nationality, place of residence or place of establishment within the internal market. Although the regulation came into force in all EU member states on March 23, 2018, it will only be applied from December 3, 2018, in order to give small retailers in particular the opportunity to adapt.


It should be noted here that the regulation explicitly only refers to access to offers and sales. On the other hand, it does not provide for a Europe-wide obligation to also supply customers (under the same conditions). For creditPass customers: The checks for risk, fraud and compliance can run as before. Interested parties who, for whatever reason, do not meet the criteria set by the retailer for processing payments in the business transaction can (and must!) Continue to be rejected. CreditPass will continue to refine the tools for this in 2019.