Strong Customer Authentication (SCA) FAQ
You will receive an in-app notification in the case that a required payment authentication fails.
EMV 3DS is the new industry standard and protocol for retailers to send data to card Issuers during a so-called “card-not-present“ transaction to help address false declines and lower “card-not-present” fraud – while providing a better customer experience. EMV 3DS is relevant for all “card-not-present” purchases, including recurring and card-on-file payments.
The large Credit Card Schemes and Banks have their own EMV® 3-D Secure (3DS) products.
- Mastercard’s is called: Mastercard® Identity Check™
- Visa’s is called: VERIFIED by VISA
- American Express is called: American Express SafeKey 2.0
To authenticate a payment, a cardholder responds to a prompt from their bank and provides additional information. This may be something you know (e.g., PIN), something you use (e.g., card, phone), or something that’s part of what you are (e.g., your fingerprint).
If the payment authentication fails, you should contact the customer service number for your financial institution, which is typically found on the back of your card or on their website. Tell the customer service representative the message that you received.
If your financial institution uses SMS/Text messages for authentications, you will need to contact the customer service number for your financial institution, which is typically found on the back of your card.
The SMS fee and its bearer are determined by the issuer banks, just like in the case of regular notifications. Please check the terms and conditions of your bank with regards to this service.
While staying abroad will I still receive an SMS for online authentication? Who will pay the fee for this?
You will still receive SMS for online authentication while you are abroad. The SMS fee and its bearer are determined by the issuer banks, just like in the case of regular notifications.
Please check the terms and conditions of your bank with regards to this service.
You should receive a new card from your card issuer and they will usually automatically update this information in your profile.
However, it might be needed to update your card number/credentials on file, if you use this service with Pipedrive.
Please speak to your card issuer with regards to the exact process which is also dependent on the services you use.
For example, you might need to register the new card for their authentication program or add your new card details to your wallet or update credentials on file with Pipedrive and other online merchants you use.
I would like to shop online but I don’t have my mobile phone on me or the battery is low. How can I verify my identity?
If your verification method of choice depends on the usage of your mobile phone, then you will be unable to execute the Strong Customer Authentication at that moment and the payment procedure will fail.
I use my debit/credit card to pay some bills online automatically every month. From now on, will I have to verify my identity every time I pay?
Recurring payments do not need to be verified every time, no matter if the amount is the same or if it varies. Only the first payment – when setting up the regular payments – will require SCA to verify your identity and confirm the payments.
You should also have an agreement between you and the retailer that specifies the reason for the payment and the payment amount (or an estimate when the precise amount is not known).
I regularly shop at a specific website. Will I have to verify my identity and payment every single time in the future?
It is up to the Issuer bank to decide whether to take advantage of the exemptions that PSD2 allows, e.g., offering cardholders to build an “allow-list” of trusted retailers where you do not always have to authenticate yourself.
They might also decide to add individual rules around what retailers or products and services qualify for an “allow-list“ or if only payments below a certain threshold do not require additional authentication at allow-list retailers.
My phone doesn’t have a fingerprint scanner, but does have a front camera. How can I verify my identity during mobile or contactless in-store payments?
In lieu of a fingerprint scanner, authentication of payments can be adjusted to other methods, such as screen lock, PIN code and face recognition or in-app authentication.
This depends on the settings of your wallet and bank.
It depends. When a debit/credit card is used for making an online payment, there are many parties involved in the payment process: Issuing bank, Switches, Processing Platform, Acquiring Bank and Merchant platform, card networks and the Cardholders themselves.
There could be several different reasons why a payment won’t go through.
- Card or other details are entered incorrectly
- Insufficient balance
- Card expired or new card hasn’t been confirmed yet
- Card issuing bank declined the transaction for security reasons
- Card has been reported as lost/stolen or it has been put on fraud alert
- Account with the merchant needs to be confirmed
- User dropped, e.g., because of time out, wrong clicks/refreshing the page
- Anti-virus, firewall software or connectivity/Wi-Fi issues
- Authentication failures
*EU – European Union: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Republic of Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Monaco, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden
**EEA – European Economic Area: EU + Iceland, Liechtenstein and Norway.
***CTC – Contracted Transitional Countries: United Kingdom – 14-Sep-2021 and Switzerland – Date To be Determined
PSD2 is a set of laws and regulations that applies to the *EU, **EEA, ***CTC only.
SCA using EMV® 3-D Secure is being adopted by Banks around the globe. However, this is at the discretion of the Bank Issuing the card and is not National or International law outside of *EU, **EEA, ***CTC.