Request a quote

+49 6196 7873 745 Callback service
VAT (value added tax) reduction: In the performance period from 1st July to 31st December 2020, we will reduce the VAT from 19% to 16% for you.

Strong customer authentication (SCA)

Frequently asked questions

General FAQs on SCA
What is the status of implementation with regard to Payengine 2.0 and 3.0? Is there a timeline which we can share with our customers?

Payengine start.now, speed.up, flex.pro: No adjustments for 3DS2 are necessary for the integration methods Inline Widget and Modal Widget. Concardis will make all necessary implementations available automatically in due time – namely, as of 14 September. No adjustments for 3DS2 are necessary for the use of Paylink. Concardis will make all necessary implementations available in due time – namely, as of 14 September.

Payengine Comfort, Premium, Professional: No adjustments for 3DS2 are necessary for the e-commerce integration type. Concardis will make all necessary implementations available in due time – namely, as of 14 September.

When do the new SCA rules apply?

SCA is obligatory for all payment service providers located in the European Economic Area (EEA) from 14 September 2019.

Are there exceptions to this rule?

The exception regulations provided for by the EBA are very complex and can only be applied by acquirers. The acquirer decides whether a merchant may make use of an exception or not.

A hotel room is booked five months in advance and the amount will not be charged.

Does SCA need to occur in this case (also no transaction reservation)? What happens if a charge needs to occur prior to checkout? MIT or SCA?

A first-time transaction using a card which was not previously stored by the merchant must always be subjected to SCA. Charging the card before checkout can only be done without SCA if the merchant has the card on file in the system and SCA was successfully carried out previously.

A room has been paid for, but the bill for the minibar was forgotten. But the guest has already left!

Can this bill be settled via a credentials-on-file transaction (also known as ‘card on file’)?

A credentials-on-file transaction is carried out by a merchant in the absence of the payer. The merchant already carried out a successful SCA procedure when first saving the payment information of the payer and can now submit the transaction with the appropriate identification. If the merchant already has the card on file, in this case no further SCA must be carried out. If this is not the case, the card may not be charged again without undergoing SCA.

Are card-on-file transactions subject to SCA?

Card-on-file transactions are not subject to SCA, but they must be flagged separately in the GICC protocol.

What about merchant-initiated transactions?

Merchant-initiated transactions (MIT) are an exception to SCA and must be specially flagged, which is negotiated differently by Visa and by Mastercard.

Does SCA need to be carried out again to charge remaining amounts (above the authorisation amount)?

In this case, a card-on-file transaction is carried out with the appropriate MIT flag, which results in no SCA needing to be carried out again.

Do contracts need to be amended?

In general, pursuant to today’s standard, merchants are obliged to use the 3D Secure procedure (aside from a few exceptions). Therefore, there is no need to amend existing contracts. However, Concardis will send specific information to merchants which excludes the future tolerance of non-3D-authenticated transactions.