Frequently asked questions

Frequently asked questions

If no strong customer authentication is used, you should expect to experience a significantly higher cancellation rate in the processing of transactions by the issuer.

SCA is obligatory for all payment service providers located in the European Economic Area (EEA) from 14 September 2019.

The exception regulations provided for by the EBA are very complex and can only be applied by acquirers. The acquirer decides whether a merchant may make use of an exception or not.

A first-time transaction using a card which was not previously stored by the merchant must always be subjected to SCA. Charging the card before checkout can only be done without SCA if the merchant has the card on file in the system and SCA was successfully carried out previously.

If the merchant already has the card on file, in this case no further SCA must be carried out. If this is not the case, the card may not be charged again without undergoing SCA.

Are not subject to SCA, but they must be flagged separately in the GICC protocol.

Are an exception to SCA and must be specially flagged, which is negotiated differently by Visa and by Mastercard.

In this case, a card-on-file transaction is carried out with the appropriate MIT flag, which results in no SCA needing to be carried out again.

In general, pursuant to today’s standard, merchants are obliged to use the 3D Secure procedure (aside from a few exceptions). There is therefore no need to amend existing contracts. However, Concardis will send specific information to merchants which excludes the future tolerance of non-3D-authenticated transactions.