You may be aware of the Strong Customer Authentication (SCA) requirements that is going to be in place from Sept 14th. The principle of SCA is to ensure customer protection via an increased level of security for all forms of electronic payments within the European Economic Area (EEA). SCA is payer authentication based on the use of two or more elements (two-factor authentication).
Where the cardholder and the card is present -
Chip & PIN transactions are considered to be two-factor authenticated and therefore already SCA compliant.
Contactless card transactions are considered exempt from SCA, provided certain parameters are met. SCA is not required subject to transaction value and velocity conditions
- The value of the transaction must not exceed £45; and
- The cumulative limit of consecutive contactless transactions without application of SCA (PIN entry or Cardholder Card Verification Method (CDCVM) used with Apple Pay etc.) must not exceed £130; or
- The number of consecutive contactless transactions since the last application of SCA (PIN entry or CDCVM) must not exceed five
When a contactless transaction requires SCA, RedCard is informed via the authorisation response from the Issuer. Some Issuers are already providing these responses and your POS may be seeing some contactless declines with messages like “SCA REQUIRED” or “DECL-INSERT CARD”. By Sept 14th all Card Issuers in the European region should be checking parameters and sending the SCA responses when appropriate. Many contactless transactions will be exempt and continue to approve.
We now have a new release of RedCardClient which when receiving the ‘SCA required’ response for a contactless transaction, will revert to a contact transaction rather than completing the payment transaction with a decline.
The ‘revert to contact’ processing will be as follows -
- For iPP350 customers, the contactless transaction will go online, then the PINPad will display ‘transaction declined’ briefly before displaying ‘Insert card’. Customer will continue with contact transaction. The POS will receive the response from the contact transaction only.
- For Miura customers, the contactless transaction will go online, then the PINPad will display ‘Insert card’. Customer will continue with contact transaction. The POS will receive the response from the contact transaction only.
A new release of RedCardClient with this ‘revert to contact’ processing can be downloaded from https://www.dropbox.com/s/3x0i90bbfnwq12a/RedCardClient.v2.1.B0026.jar?dl=0. Please can you deploy this release to all customers to ensure smooth processing of contactless transactions requiring SCA.