Important current information about the SCA

Flashback

We have since informed you several times and through various channels about this obligation. With the introduction of PSD2, the legislator also introduced the obligation to use 2-factor authentication for electronic payment transactions at that time.

However, in view of the prevailing implementation status of SCA adjustments throughout the industry at that time, BaFin, as the national supervisory authority responsible for the introduction of the SCA, had suspended the requirement of SCA processes until December 31, 2020. Thus, the application of the SCA was not mandatory until the aforementioned deadline.

Current scenario

However, this SCA "acquiescence period" now ends at the end of the year and thus, above all, all E-COMMERCE dealers are obliged to apply the SCA processes from 01.01.2021.

If transactions subject to SCA are submitted without a corresponding SCA identifier from 01.01.2021, it can be assumed that card issuers in the European Economic Area will reject precisely these transactions or request the entry of a second factor.

Nexi is well prepared:

• Over the past few months, Nexi has created all the technical prerequisites to counteract precisely this behavior.
• The Nexi Acquiring platform is fully prepared to process SCA-compliant transaction data, complies with all mandates required by legislators and card organizations, and already successfully processes SCA-tagged transactions today.
• The Nexi PSP solution "Payengine" also fully meets the SCA requirements and offers many functionalities in this environment that go beyond the standard (such as Card On File in connection with MIT use, etc.), which you as a merchant can integrate into your payment process.

In its letter dated December 3, 2020, BaFin, as the German national supervisory authority, opened up an implementation variant of the SCA to German card-issuing banks as of January 1, 2021, which provides for an amount-driven, phased-in SCA application.

However, some card issuers in Germany have already signaled that they will not follow this recommendation and will apply the SCA requirements to all transactions as early as 01.01.2021.

As your competent payment service provider, we can therefore only recommend that you fully implement and also apply all necessary SCA adaptation measures in good time for 01.01.2021. This is the only way to eliminate the potential risk of rejected transactions. For this purpose, we would like to encourage you once again to contact your PSP immediately - if you have not already done so - in order to be able to store and activate any SCA adjustments that may still be necessary in your systems.

What are the important dates?

The migration period ends on December 31, 2020, and Payengine will provide the required protocol versions by the specified dates.

The sticking points of PSD2 

What happens in the worst case?

Nexi will deny authorizations in the worst case scenario.......

1. if a transaction is entered as an exception which has not been coordinated with Nexi

2. if transactions subject to SCA are submitted without the corresponding SCA marking

3. if the flagging of the transaction does not comply with the rules and regulations

4. in case of incorrect WITH marking

5. and of course when the internal fraud prevention system is alerted

Nexi will continue to process all transactions covered by the regulations (SCA or with exceptions). However, rejection by the issuer cannot be prevented.

What you always wanted to know about Strong Customer Authentication

Watch our webinar with our SCA experts Ralf Hesse and Charlotte Ankenbrand again here.

Webinar 14.09.2020

Webinar 15.10.2020