Strong Customer Authentication (also known as SCA) fulfills a set of regulatory requirements, designed to reduce fraud, making online payments more secure while establishing trust with consumers. SCA adds an extra layer of security by using a third party like a bank to verify the end-customer prior or during an online payment. Riverty currently offers this functionality in Sweden, Norway, Denmark, Finland, Germany, Austria, Switzerland and the Netherlands.
SCA is used for risk handling (consumer ratings and fraud risk). For Norway and Sweden SCA is almost always mandatory as it is a key element of fraud prevention and it is a known process for online shoppers. In Sweden SCA is used by 98% of the population between 18-67 years of age.
Country | Sweden | Norway | Finland | Denmark | Netherlands | Germany and Austria |
---|---|---|---|---|---|---|
Name of eID method | BankID (SE) | BankID (NO) | FTN (Finnish Trust Network) | MitID (replaces NemID) | iDIN | One Time Password (SMS/Email) |
Required field(s) | Identification number | Identification number | Identification number | Identification number | Date of birth, first name, last name | Phone Number, Email Address |
Country specific restrictions | Only for customers using the following banks: ABN AMRO, ASN Bank, Bunq, ING, Rabobank, RegioBank, SNS. More info: https://www.idin.nl/en/can-i-use-idin/ | |||||
To trigger on test environment | First item description has to be SCAHigh | First item description has to be SCAHigh | First item description has to be SCAHigh | First item description has to be SCAHigh | First item description has to be SCAHigh The last name has to be Vries and date of birth has to be 1975-07-25 |
First item description has to be: For SMS: OTP_REQUIRED_SMS For Email: OTP_REQUIRED_EMAIL For both SMS or Email: OTP_REQUIRED_SMS_OR_EMAIL For Date of Birth: OTP_REQUIRED_DoB For SMS and Date of Birth: OTP_REQUIRED_SMS_AND_DoB For Email and Date of Birth: OTP_REQUIRED_EMAIL_AND_DoB |
SCA offers your customers an easy and convenient way to verify their identity and access Riverty’spayment methods.
By implementing SCA, we prioritize customer interests, ensuring protection against non-compliant practices.
The SCA and OTP implementation use the Redirect Flow which requires the end-customer to be redirected to the secure login URL that was provided by Riverty API during the Authorize Payment or Verify request. The end-customer will be presented with a page with further instructions. After the verification process is completed the end-customer is redirected back to merchant’s web page.
Riverty will decide for which orders and customers SCA or OTP will be triggered. This decision is based on a number of parameters, such as order amount, shipping address and other fraud and risk related variables.
When initiating the SCA process within a mobile app, it is crucial to open the Secure Login URL in the native or system browser. If the SCA flow is opened via a WebView integration, particularly on iOS devices, users may encounter difficulties when attempting to return to the merchant URL to complete the process.
Do you find this page helpful?