Strong Customer Authentication (SCA) is a requirement of the European Union’s sprawling Revised Directive on Payment Services (commonly known as PSD2), and will demand that issuers receive two separate types of authentication to approve the vast majority of online (‘card not present’) transactions.

When SCA comes into effect on September 14th, ‘card not present’ transactions will require two of the following three types of authentication: Knowledge (something you know - for example, a password); Possession (something you have - a credit card or smartphone); and Inherence (something you are - biometrics such as Touch ID or even voice recognition). A credit card and CVV number are no longer enough.