What is Strong Customer Authentication and PSD2?

From September 2019, as part of the second Payment Services Directive (PSD2), new requirements known as Strong Customer Authentication (SCA) to authenticate online payments and logins are being introduced across Europe.

What is Strong Customer Authentication?

The biggest requirement introduced under PSD2 to enhance the user security is calledStrong Customer Authentication (SCA). SCA is a form of two-factor authentication designed to prove that end-customers are who they say they are, with specific rules around what constitutes ‘authentication’.

There are three valid categories of authentication available as part of SCA:

  • Knowledge: SOMETHING you KNOW - e.g. passcode

  • Possession: SOMETHING you HAVE - e.g. phone

  • Inherence: SOMETHING you ARE - e.g. biometrics

Only when the payer has been able to provide two of these forms of authentication, they will be allowed to perform the intended action. Through 2-factor authentication, Pleo ensures that the end customer is the rightful owner of the Pleo account or other payment mechanism.

If you would like to read the regulatory requirements, head to the Regulatory Technical Standards.

When do you need to use Strong Customer Authentication?

The increased security measure will be required for authenticating online payments and account access. This means that 2-factor authentication will be performed any time you:

  • access your Pleo account;

  • carry out payment with your Pleo card*.

Unless correctly authenticated, the user will NOT be allowed to perform the online transaction.

* Bear in mind that not all transactions are subject to Strong Customer Authentication.

How will Strong Customer Authentication impact your Pleo usage?

Through Strong Customer Authentication we guarantee an increased level of security by ensuring that it is really you using the account. You will be required extra authentication steps at account login and when performing payments.

SCA at login

All Pleo users, when logging into the Pleo account, both on browser and app, you will be prompted to carry out the 2-Factors authentication via two of the elements described above (possession, knowledge, inherence). If you have trouble logging in, check this help article here.

Make sure to always have your login details at hand. If you are unable to login or have forgotten the login credentials, your Admin will be able to help you.

SCA on online payment: 3DS.2

We USE 3D Secure (3DS.2) technology to protect you when making purchases online. 3DS.2 makes payments more secure by asking card owners to approve payments they make online by verifying their identity.

More Information

For more information about 3DS.2 in Pleo read here. For further clarification on Mastercard® Secure Code (the Mastercard® 3DS protocol used by Pleo cards) head here: FAQs

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article

Need more help? Contact us.

Chat with us if you have an Essential or Advanced plan, otherwise send us an email!