SCA Customer Readiness Timeline

Strong Customer Authentication (SCA) is a new set of rules that will change how consumers confirm their identity when making purchases online. The rules apply in full for card payments, from 14 March 2022 in the UK.

While the Financial Conduct Authority recently announced a further 6-month extension to the SCA compliance deadline in the UK, which is now 14 March 2022, from the 1 June this year, card schemes will gradually begin their implementation of Strong Customer Authentication and e-Commerce transactions will increasingly be checked for 3DS compliance. We recommend that merchants enable 3DSv2 before this date to ensure no disruption to payment processing as the ramp-up begins.

If you do not take action, e-commerce card-based payment transactions that are non-compliant will be declined. Implementation of these new rules may require testing and specific changes to your payment process. We therefore encourage you to take immediate action to ensure you are not at risk of declined transactions which may impact your business. Urgent action should be taken by businesses with an online presence.

14 March 2022

UK Strong Customer Authentication Deadline: merchants based in the UK must have 3DSv2 fully enabled. From this point, all non-authenticated online card-based payments not subject to an exemption will be declined.

31 December 2020

EU Strong Customer Authentication Deadline: merchants based in the European Economic Area (EEA) must have 3DSv2 fully enabled. From this point, all non-authenticated online card-based payments not subject to an exemption will be declined. This also applies to UK merchants, where the customer is making a purchase with a card issued inside of the EEA.

14 September 2020

Financial Conduct Authority (FCA) Guidance Applies in the UK: merchants and payment services providers are expected to be 3DSv2 ready. Steps ups will gradually start to commence from this point onwards. All transactions that do not have 3DSv2 authentication in place will fall back to 3DSv1.

April 2020

Opayo supports early adopters of 3DSv2 with test functionality in our live environment: finalise testing and optimising your checkout flows. If you haven't yet enabled 3D Secure within My Opayo you will not be able to undertake this work.

February 2020

3D Secure Step-Ups Commence: Issuers e.g. Mastercard and Visa begin to authenticate transactions using both One Time Password (OTP) and Risk Based Authentication (RBA).

January 2020

Application for SCA Exemptions: there are several exemptions to SCA that may be requested to improve the payment experience and reduce friction so customers don't need to be authenticated more than once. We advise you to speak with your acquirer well ahead of time to get their approval of any exemption you choose to use.

Find out more on exemptions

14 September 2019

Existing Deadline: 18 month managed roll out agreed giving UK businesses, banks and online account providers more time to implement the necessary tools and processes. Businesses now have until March 2021 to become compliant. Customers should enable 3DSv1 as a minimum.

SCA your questions answered

July 2019

Test how best to incorporate SCA compliance: customers now have access to the Opayo 3DSv2 test environment. If you are using our Form or Server integrations all you need to do is activate 3D Secure in your My Opayo account. Customers on our Pi and Direct integrations will need to undertake additional development to be ready for 3DSv2.

Find out if you need to make changes to your integration

May 2019

Preparing for Strong Customer Authentication: we will enrol your Merchant ID for both 3DSv1 and 3DSv2. You will receive an email advising you that this has been done. You will then need to activate 3D Secure within your My Opayo account. We strongly recommend that you take these steps now.

Getting started with 3D Secure

Strong Customer Authentication Timeline