SCA (Strong Customer Authentication)
Medium-length body copy of one or two sentences goes here to support the main headline. Do not make your text longer than this.
SCA (Strong Customer Authentication)
Medium-length body copy of one or two sentences goes here to support the main headline. Do not make your text longer than this.
SCA (Strong Customer Authentication)
Medium-length body copy of one or two sentences goes here to support the main headline. Do not make your text longer than this.
Table of contents
SCA (Strong Customer Authentication) is the extra security step that confirms it is really you making a payment, especially online. It cuts fraud on card and bank payments while keeping checkout quick when you approve in your banking app.
What is Strong Customer Authentication?
Strong Customer Authentication is a European regulatory requirement (PSD2) for electronic payments. Before a payment goes through, your bank must verify your identity using at least two of three factors: something you know (password or PIN), something you have (phone or card), or something you are (fingerprint or face).
You experience SCA as a push notification in your banking app, a biometric login, a one-time code, or occasionally chip and PIN in store when contactless limits are reached. It applies to many online card payments, bank transfers, and access to sensitive account features.
How SCA works in practice
Typical online flow:
You enter card details or initiate a transfer.
The merchant or payment provider triggers an authentication request.
Your bank sends a challenge to your app or device.
You approve with biometrics or a secure code within a time limit.
Only then is the payment authorized.
Card payments often use 3-D Secure, which is one way to deliver SCA for online cards. Account transfers use the bank's own SCA flow in the bunq app.
When SCA is required (and when it is not)
SCA is required for most online payments and many transfers. Exceptions exist for low-risk or low-value transactions under EU rules, such as some contactless taps below limits or trusted recurring merchants you have paid before. Your bank decides when an exemption applies without weakening security overall.
In-store, repeated contactless payments may eventually require PIN entry. That PIN step is part of keeping your card safe under SCA principles.
SCA and bunq
bunq uses app-based approval, biometrics, and secure banking controls so you can confirm payments quickly. Keep your app updated and notifications on so SCA prompts are not missed. Learn more at Security and manage cards under bunq Cards.
Common questions
Why was I asked to verify again for the same shop?
Regulators and banks limit how long a merchant can stay "trusted" without a fresh check. Subscriptions may use exemptions, but large or unusual purchases often trigger SCA every time.
Can I turn off SCA?
No. Banks must apply SCA for covered payments. Turning it off would break EU rules and put your money at higher risk.
Is SCA the same as 3-D Secure?
3-D Secure is a common method to satisfy SCA for card payments online. SCA is the broader rule; 3-D Secure is one tool that implements it.
Table of contents
SCA (Strong Customer Authentication) is the extra security step that confirms it is really you making a payment, especially online. It cuts fraud on card and bank payments while keeping checkout quick when you approve in your banking app.
What is Strong Customer Authentication?
Strong Customer Authentication is a European regulatory requirement (PSD2) for electronic payments. Before a payment goes through, your bank must verify your identity using at least two of three factors: something you know (password or PIN), something you have (phone or card), or something you are (fingerprint or face).
You experience SCA as a push notification in your banking app, a biometric login, a one-time code, or occasionally chip and PIN in store when contactless limits are reached. It applies to many online card payments, bank transfers, and access to sensitive account features.
How SCA works in practice
Typical online flow:
You enter card details or initiate a transfer.
The merchant or payment provider triggers an authentication request.
Your bank sends a challenge to your app or device.
You approve with biometrics or a secure code within a time limit.
Only then is the payment authorized.
Card payments often use 3-D Secure, which is one way to deliver SCA for online cards. Account transfers use the bank's own SCA flow in the bunq app.
When SCA is required (and when it is not)
SCA is required for most online payments and many transfers. Exceptions exist for low-risk or low-value transactions under EU rules, such as some contactless taps below limits or trusted recurring merchants you have paid before. Your bank decides when an exemption applies without weakening security overall.
In-store, repeated contactless payments may eventually require PIN entry. That PIN step is part of keeping your card safe under SCA principles.
SCA and bunq
bunq uses app-based approval, biometrics, and secure banking controls so you can confirm payments quickly. Keep your app updated and notifications on so SCA prompts are not missed. Learn more at Security and manage cards under bunq Cards.
Common questions
Why was I asked to verify again for the same shop?
Regulators and banks limit how long a merchant can stay "trusted" without a fresh check. Subscriptions may use exemptions, but large or unusual purchases often trigger SCA every time.
Can I turn off SCA?
No. Banks must apply SCA for covered payments. Turning it off would break EU rules and put your money at higher risk.
Is SCA the same as 3-D Secure?
3-D Secure is a common method to satisfy SCA for card payments online. SCA is the broader rule; 3-D Secure is one tool that implements it.
Table of contents
SCA (Strong Customer Authentication) is the extra security step that confirms it is really you making a payment, especially online. It cuts fraud on card and bank payments while keeping checkout quick when you approve in your banking app.
What is Strong Customer Authentication?
Strong Customer Authentication is a European regulatory requirement (PSD2) for electronic payments. Before a payment goes through, your bank must verify your identity using at least two of three factors: something you know (password or PIN), something you have (phone or card), or something you are (fingerprint or face).
You experience SCA as a push notification in your banking app, a biometric login, a one-time code, or occasionally chip and PIN in store when contactless limits are reached. It applies to many online card payments, bank transfers, and access to sensitive account features.
How SCA works in practice
Typical online flow:
You enter card details or initiate a transfer.
The merchant or payment provider triggers an authentication request.
Your bank sends a challenge to your app or device.
You approve with biometrics or a secure code within a time limit.
Only then is the payment authorized.
Card payments often use 3-D Secure, which is one way to deliver SCA for online cards. Account transfers use the bank's own SCA flow in the bunq app.
When SCA is required (and when it is not)
SCA is required for most online payments and many transfers. Exceptions exist for low-risk or low-value transactions under EU rules, such as some contactless taps below limits or trusted recurring merchants you have paid before. Your bank decides when an exemption applies without weakening security overall.
In-store, repeated contactless payments may eventually require PIN entry. That PIN step is part of keeping your card safe under SCA principles.
SCA and bunq
bunq uses app-based approval, biometrics, and secure banking controls so you can confirm payments quickly. Keep your app updated and notifications on so SCA prompts are not missed. Learn more at Security and manage cards under bunq Cards.
Common questions
Why was I asked to verify again for the same shop?
Regulators and banks limit how long a merchant can stay "trusted" without a fresh check. Subscriptions may use exemptions, but large or unusual purchases often trigger SCA every time.
Can I turn off SCA?
No. Banks must apply SCA for covered payments. Turning it off would break EU rules and put your money at higher risk.
Is SCA the same as 3-D Secure?
3-D Secure is a common method to satisfy SCA for card payments online. SCA is the broader rule; 3-D Secure is one tool that implements it.