Online payment fraud continues to evolve as eCommerce grows globally. In the European Economic Area (EEA) alone, recent data shows total payment fraud losses reached approximately EUR 4.2 billion in 2024, up from EUR 3.5 billion in 2023, despite strong security measures being in place.
Transactions authenticated with strong customer authentication (SCA) remain significantly less susceptible to fraud. This is particularly true of card payments, where SCA has materially reduced the risk of unauthorised use. However, fraudsters are adapting with new tactics that exploit exemptions and manipulate genuine users. Understanding the role of PSD2, SCA and 3D Secure 2 (3DS2) is essential for online merchants looking to protect their business, maintain conversions and manage chargebacks effectively.
In this article, we’ll cover what SCA is used for, the difference between SCA and 3DS2, 3DS2 payment regulations and where 3DS is mandatory, among other things.
The difference between PSD2, 3DS2 and SCA
What does PSD2 cover?
The Payment Services Directive 2 (PSD2) is a European regulation designed to modernise and secure electronic payments across the EEA and the UK. It expands the original PSD by promoting competition and innovation while reinforcing consumer protection. A core requirement of PSD2 is SCA, which mandates additional verification steps for many online payments to reduce fraud. PSD2 applies to any business processing electronic payments where the payer’s and payee’s banks are within regulated regions. While PSD2 sets the legal framework, it does not prescribe a single technical method for compliance; 3DS2 is the most widely used method.
What is SCA used for?
Strong Customer Authentication (SCA) is a security requirement under PSD2 that ensures online payments are authorised with at least two independent authentication elements. These fall into categories such as something the customer knows (for example, a password), something they have (such as a phone) or something they are (biometrics). SCA helps verify that the person making the payment is genuinely the cardholder, reducing the risk of unauthorised transactions. Certain exemptions apply, such as low‑value transactions or some corporate payments; these reduce friction while balancing security and user experience.
What is 3DS2?
3D Secure 2 (3DS2) is an authentication protocol that helps merchants meet SCA requirements. It creates a secure link between the merchant, the card issuer and the infrastructure connecting them, enabling risk‑based and two‑factor authentication. Unlike earlier versions, 3DS2 supports richer data exchange and better mobile and app experiences, helping reduce abandonment during checkout. 3DS2 can also shift fraud liability for authenticated transactions from the merchant to the issuer, which is critical for chargeback management.
Benefits of PSD2, 3DS2 and SCA
Stronger fraud protection
One of the most important benefits of PSD2 and SCA is enhanced defence against online payment fraud. Transactions authenticated according to SCA rules are demonstrably less vulnerable to unauthorised use, particularly for card payments, contributing to the stable overall fraud rate of around 0.002% across the EEA. This has mitigated certain fraud types and helped shield merchants and consumers from greater losses.
Reduced liability and better chargeback control
Implementing 3DS2 helps merchants manage chargebacks more effectively. When a transaction is successfully authenticated via 3DS2, liability for fraud‑related chargebacks often shifts from the merchant to the card issuer. This protects merchants from bearing the full cost of fraudulent transactions and allows them to focus on disputes that stem from non‑fraud issues, such as goods not received or services not rendered.
Improved customer experience and conversions
3DS2 supports modern authentication methods such as biometric scans and app‑based verification. These can reduce friction compared with older authentication flows, helping lower cart abandonment and improve conversion rates. Organisations that optimise exemptions and risk‑based authentication often deliver smoother checkout experiences without compromising security.
Safeguard your business’s transactions with emerchantpay
emerchantpay is a global payment service provider built to help merchants accept payments securely and compliantly. Our solution supports online, in‑app and in‑store payments through a straightforward integration, backed by PCI Level 1 compliance. We offer features such as global acquiring, a broad range of payment methods, fraud and risk management tools and performance optimisation to support business growth.
With emerchantpay, you can implement 3DS2 authentication seamlessly and maintain compliance with PSD2 and SCA requirements. Our service includes personalised support from your own account manager, a dedicated risk analyst and 24/7 technical assistance. Whatever your business size or market, we help you deliver a secure and friction-aware payment experience to your customers.
Reach out to our payment experts and learn how you can set your payments up for 3DS2, PSD2 and SCA.