GLOSSARY
SCA
Strong Customer Authentication — the European requirement that online card payments be verified by two independent factors.
Strong Customer Authentication (SCA) is a regulatory requirement under the EU’s revised Payment Services Directive (PSD2). For most online card payments inside the EEA, the customer must authenticate using at least two of three factors:
- Something they know (password, PIN)
- Something they have (phone, hardware token)
- Something they are (fingerprint, face)
In practice this usually means a 3D Secure 2 challenge: the customer’s bank prompts them via app or SMS to confirm the payment. Properly implemented, the challenge is invisible for low-risk transactions (frictionless flow) and only surfaces when the bank’s risk engine wants extra confirmation.
Kotao’s payments stack handles SCA automatically — both the 3DS challenge flow and the exemptions (low-value transactions, trusted-beneficiary lists, recurring transactions) that let the customer skip the challenge when it’s safe to. You don’t manage the protocol; you just see whether the payment succeeded.
Related
Related terms.
-
Flat-rate card pricing
A single, transparent percentage charged on every card transaction — no interchange-plus, no scheme fees, no surprises.
-
Acquirer
Bank or payment institution that signs merchants and routes their card transactions into the card networks.
-
API (Application Programming Interface)
A set of rules and protocols that allows different software applications to communicate with each other.
-
Apple Pay
Mobile wallet by Apple that tokenizes cards for contactless and in-app payments.