Skip to main content
All CollectionsGetting started with Cardivo
Strong customer authentication (SCA) requirements in the EU
Strong customer authentication (SCA) requirements in the EU

Cardivo is fully compatible with all requirement for SCA under the PSD2 directive in the EU.

Roohbir Singh avatar
Written by Roohbir Singh
Updated over 10 months ago

Strong Customer Authentication (SCA), a rule in effect as of September 14, 2019, as part of PSD2 regulation in Europe, requires changes to how your European customers authenticate online payments. Card payments require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.

Strong Customer Authentication (SCA) requirements officially went into effect in the EU on 14 September 2019.

Gradual enforcement of SCA requirements has already begun, as some banks have started to decline a portion of payments that aren’t SCA-ready. Full enforcement has not yet begun due to a temporary delay announced by the European Banking Authority on 21 June 2019. On 16 October 2019, the European Banking Authority announced that the new SCA requirements should be fully enforced by 31 December 2020.

As of June 2020, the majority of European regulators had agreed to this new timeline, with two exceptions:

  • UK - The UK regulator previously announced an 18-month delay—requiring additional authentication for online payments beginning March 2021. Due to the Covid crisis the UK regulator has extended the delay by an additional 6 months, bringing the revised enforcement date to 14 September 2021.

  • France - France has aligned with the European Banking Authority timeline, but maintains an extra 3-month grace period on a case-by-case basis.

Although the full enforcement deadline for SCA is 31 December, 2020, many banks have already begun to enforce SCA by declining a portion of payments that are not SCA-ready.

All payments you process through Cardivo are SCA-ready for on-session and off-session payments. For recurring payments, if the customer's card issuing bank requests re-authentication, an email will be sent to your customer via your Stripe account. To ensure this happens, please go to Settings > Subscriprions and emails in your Stripe dashboard, scroll down to the Manage payments that require 3D Secure section and Enable 3D Secure as well as the Customer emails.


Cardivo is designed to support these EU regulations as well as any cards in any countries that require OTPs or other forms of two-factor authentication (2FA) so you can rest easy knowing your customers will be able to pay no matter where they're based.

Did this answer your question?