GLOSSARY

SCA

Strong Customer Authentication — the European requirement that online card payments be verified by two independent factors.

Strong Customer Authentication (SCA) is a regulatory requirement under the EU’s revised Payment Services Directive (PSD2). For most online card payments inside the EEA, the customer must authenticate using at least two of three factors:

  • Something they know (password, PIN)
  • Something they have (phone, hardware token)
  • Something they are (fingerprint, face)

In practice this usually means a 3D Secure 2 challenge: the customer’s bank prompts them via app or SMS to confirm the payment. Properly implemented, low-risk transactions pass without any visible prompt (frictionless flow), and the challenge only surfaces when the bank’s risk engine wants extra confirmation.

Kotao’s payments stack handles SCA automatically — both the 3DS challenge flow and the exemptions (low-value transactions, trusted-beneficiary lists, recurring transactions) that let the customer skip the challenge when it’s safe to. You don’t manage the protocol; you just see whether the payment succeeded.

In the product

Where this term matters in operation.

The glossary is not meant to be academic. It explains the language teams use in Kotao while selling, planning, paying, reporting, and automating.

In sales

Terms like this appear inside POS, checkout, bookings, offers, and customer communication.

In back office

Finance, inventory, HR, and reporting need the same meaning so reports do not drift apart.

In integrations

APIs, imports, webhooks, and exports work better when teams use the same definitions.