We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Strong Customer Authentication

Strong Customer Authentication – what’s next?

The European Banking Authority (EBA) has released an opinion stating that the revised deadline for migration to SCA has been set at 31 December 2020, a 15-month extension from the original implementation date of 14 September 2019.

The focus of the EBA opinion is on ensuring a harmonised, phased approach to implementation, with a clear timeline of actions required by payment service providers (PSPs) to ensure full compliance throughout the payments ecosystem well in advance of the deadline.

It is now vital that merchants maintain their focus on integrating 3D Secure to their purchase flows, making the best use of the additional time to pilot, test and introduce SCA incrementally.

What should merchants do to prepare for the revised deadline?

1. Plan your phased rollout of 3DS 2.1 – 2.2 now

There had been a perception that 3DS 1 was a challenging user experience1 , as it introduced a significant degree of friction into the flow, requiring users to navigate away to a third-party site in order to complete the authentication.

3DS 2.1 offers a much more user-friendly experience with the authentication challenge embedded in the purchase flow. By integrating version 2.1 now, it will be a much smaller lift for merchants to integrate 3DS 2.2 once it is available.

Critically, 3DS 2.2 offers merchants the opportunities to avail of exemptions to SCA such as those available for low-value and recurring transactions.

2. Work on reducing your fraud rates

There are clear rules regarding the challenging of payments under PSD2. Transactions valued under €30 will not need to be challenged. For transactions above €30, a new procedure kicks in, one that depends on the reference fraud rates of the acquiring bank and the issuer – not the merchant.

Under PSD2, if your acquirer’s fraud rate is below 13 basis points (bps) there’s no requirement for a challenge for transactions of up to €100. But if the fraud rate is below 6bps that ceiling rises to €250.

Merchants with an applicable fraud rate of below 6bps can apply to join J.P. Morgan’s discrete low fraud entity which allows merchants to claim a Transaction Risk Analysis exemption flag for transactions of up to €250.

3. Check that your gateway, acquirer and other third party technology partners are 3DS-ready.

The power of SCA to increase approval rates and reduce fraud depends very much on the whole e-commerce ecosystem working together. Merchants should use this extension to the SCA deadline to understand: what are their partners’ plans for the rollout of 3DS? And how will that impact their own development roadmap?

Greater clarity around how SCA will work in practice

“From our European HQ in Dublin our on-the-ground SCA advisory team has been working closely with our merchants for the past 18 months, helping them navigate the complexity of achieving that balance between security and the need for convenience and speed in online payments,” says Brian Gaynor, Executive Director, Head of Product and Strategy at J.P. Morgan Merchant Services in Europe.

“Previously there has been a lack of clarity throughout the e-commerce payments industry around what SCA will mean in practice and the steps needed for each member of the ecosystem to become fully SCA-ready,” he continued.

“The EBA has provided a clear timeline of milestones that issuers and acquirers must achieve well in advance of the new December deadline. We will be working closely with clients and across the ecosystem to ensure those milestones are met.”

Focus on building a plan of implementation, testing and iterative releases

According to Gaynor, “Now the technology is available, merchants can focus on building a phased plan of implementation, A/B testing and iterative releases in order to ensure that the introduction of SCA causes minimal disruption to their purchase flows.”

J.P. Morgan is SCA-ready

3DS 2.1 is available today via J.P. Morgan to authenticate your transactions, with version 2.2 anticipated for 2020. Our solution helps you to retain full ownership of the consumer experience while benefiting from the flexibility to adapt to local market conditions.

We will continue to work closely with our European merchants to ensure they migrate to authentication approaches that are compliant with SCA.

As part of our enhanced advisory offering we monitor authorisation and fraud rates for all our merchants, and proactively advise them of any potential issues as well as help them put solutions in place.

Contact your J.P. Morgan representative or call our merchant support team on:

Europe: +353 1 726 2909

UK: +44 845 399 1130


 The cold hard truth about 3D secure, Finextra, September 2016; 3D Secure 2.0’s Six Pillars, Pymnts, August 2017



Already an Existing Customer?

Contact us if you require advice, help or support.

Existing Merchant Service Customers

If you have a technical issue or a question about your merchant account, please call your Relationship Manager directly.
Alternatively, call our merchant support team on:

For Europe: +353 1 726 2909     UK: 0845 399 1130

Further information is available at any time through your Paymentech Online account.


Out of Courts Complaints and Redress Procedures

  1. J.P.Morgan has in place complaint resolution procedures to settle complaints of Merchants arising from their rights and obligations under Parts 3 and 4 of the Payment Services Regulations 2018.
  2. If you have a complaint, please contact your Relationship Manager. Your complaint will be addressed in accordance with J.P.Morgan complaint policy, which we are happy to provide upon request.
  3. In the event of a complaint, a Merchant may refer the matter to the Irish Financial Services and Pensions Ombudsman (FSPO) or such relevant out-of-court complaint body or to such other competent out-of-court complaint body applicable to you in the country where you are established.
  4. Details on complainant eligibility are available on the FSPO website.

                   You can contact the FSPO at:

Irish Financial Services and Pensions Ombudsman
Lincoln House
Lincoln Place
Dublin 2
D02 VH29
Tel: + 353 1 567 7000
Email: info@fspo.ie
Website: https://www.fspo.ie


Merchants domiciled in the UK

  1. From 1st January 2021, J.P.Morgan will enter into the UK's Temporary Permissions Regime (TPR).
  2. The TPR has been established by the UK regulators to allow firms such as J.P.Morgan to continue to operate in the UK following the end of the Brexit transition period.
  3. During the TPR, a UK-based merchant that is not satisfied with our response to a complaint and that qualifies as an eligible complainant may refer the matter to the UK's Financial Ombudsman Service. Details on complainant eligibility are available on the Financial Ombudsman Service website.

                   You can contact the Financial Ombudsman Service at:

Financial Ombudsman Service
Exchange Tower
E14 9SR
Free phone: 0800 023 4567
Email: complaint.info@financial-ombudsman.org.uk
Website: www.financial-ombudsman.org.uk