Strong Customer Authentication (SCA)

In March 2022, Strong Customer Authentication (SCA) will be taking effect. SCA adds an extra layer of security to online payments for more than £30.

Posted on 14th February 2022

This new regulatory requirement should help to reduce payment fraud. When clients pay online for an amount over £30, they’ll be asked to provide two of the following three types of information to help prove they are who they say they are:

• Something they know – such as a password, PIN, or secret answer
• Something they have – such as their phone, a smart card, a token or similar
• Something that defines them – such as a fingerprint, facial recognition, or voice patterns.

As it’s your clients’ issuing banks that will be processing and requesting the authentications, we aren’t able to answer questions directly about SCA – but to date, these are the most common questions we have received from you.

Answering your questions

FAQs about Strong Customer Authentication (SCA)

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication is a set of regulatory requirements, designed to make paying online more secure for customers. This should limit the chances of payment fraud.

SCA adds an extra layer of security when customers pay online. Until now, shoppers have simply entered their details to make a payment (although some businesses ask for more authentication).

Why is this happening?

These changes should reduce the risk of fraud. Authentication checks that customers are who they say they are, when they’re spending more than £30 online.

How does SCA work?

SCA is a form of two-factor authentication. It should prove that customers are who they say they are, with rules around what counts as ‘authentication’ for purchases over £30.

It needs two types of validation out of three categories.

What constitutes a method of authentication?

There are three ways to authenticate identity, but only two will be needed at any one time:

  • Knowledge (something only the payer knows) – such as a password, PIN, or secret answer
  • Possession (something only the payer possesses) – such as their phone, or smart card, or a token
  • Inherence (something the payer is) – such as a fingerprint, facial recognition, or voice patterns.

How does this impact brokers?

If your client is spending over £30 online with a debit or credit card for their insurance, they will need to provide two of these authentications.

How does this impact broker clients?

This will only impact your client if they are buying insurance via an online payment from £30 and above.

If your client is paying with an in-house funds transfer (a Chip-and-PIN transaction), then there’ll be no need for two-factor authentication.

However, if they’re not using Chip-and-PIN, then they’ll need to provide two types of authentication before the transaction is authorised.

What if my client’s payment fails?

If your client’s online payment is rejected, it may be that you are not ready to process online card payments via the 3D-Secure system, or that there is another issue with the payment which, in the first instance, merchants must look to resolve with their card payments processor. Unfortunately, there isn’t anything we’d be able to do in-house to resolve the issue, as the online payment was rejected by your client’s card provider, not Ageas.

Will SCA be required for automatic renewals and payment taken over the phone?

No, SCA is only required for online payments from £30 and above.

What brokers need to do

Be aware that your clients’ banks will ask for two types of authentication before authorising a transaction.

When is this happening?

Some payment providers have already started to ask for further identification; however, all providers need to comply by 14 March 2022.
