LogoLogo
Get a demoLog inAcademyDevelopersMore docs
  • Bird CRM docs
    • Explore all products
    • Use cases
      • Bird for travel
        • Abandoned search recovery
        • Flight confirmation
        • Holiday search campaigns
        • Price change alerts
    • About Bird CRM
  • Inbox
    • Inbox
      • Concepts
        • Reports
      • Admin guide
        • Agents
          • Invite an agent to Inbox
          • Remove an agent from Inbox
          • FAQs
        • Tags
        • Routing
        • Teams
        • Feeds
        • Sender profiles
        • Reporting
      • Agent guide
        • 📚1. The basics
        • ⏰2. Your availability status
        • ✉️3. Send and receive messages
        • 💬4. Manage conversations
        • 👥5. View conversation participants
        • 👤6. View a contact's profile
  • Campaigns
    • Campaigns
      • Quickstarts
        • Send a campaign
      • Concepts
        • A/B tests
          • FAQs
        • Branded links
        • Calendar view
        • Campaign tags
        • Frequency limits
        • Scheduling
      • How-to
        • Schedule a campaign
        • Run an A/B test
        • Replicate a campaign
    • WhatsApp campaigns
      • How-to
        • Send a WhatsApp campaign
    • Email campaigns
      • How-to
        • Send an email campaign
    • SMS campaigns
      • Concepts
        • Best practices for MMS campaigns
      • How-to
        • Send an SMS campaign
    • Push notifications
      • How-to
        • Send a push notification campaign
    • New Campaign Builder
  • Automation
    • Journeys
      • Quickstarts
        • Create an abandoned cart recovery journey
      • Concepts
        • Journey templates
        • Journey runs
        • Journey insights
        • Journey reports
      • How-to
        • Use a send message step in a journey
        • Use a wait step in a journey
        • Use a conditional step in a journey
        • Use an update contact step in a journey
        • Use an end journey step in a journey
    • Flows
      • Quickstarts
        • Use template flows
        • Build an inbound flow
      • Concepts
        • Capabilities and limitations
        • Triggers
          • Agent triggers
          • Connector triggers
            • HubSpot triggers
          • Contact triggers
          • Conversation triggers
          • Feed item triggers
          • Message lifecycle triggers
          • Voice triggers
          • Webhook triggers
          • HTTP endpoint trigger
          • WhatsApp flow endpoint trigger
        • Actions
          • Bird API actions
            • Bots actions | API
            • Channel actions | API
            • Collaboration actions | API
            • Conversation actions | API
            • Engagements actions | API
            • Number management actions | API
          • Core actions
            • How to set up global variables in Flows
            • How to use the Filter Array Step
            • How to use the "Await Webhook" Step in Flows
          • Contact actions
          • Channel actions
          • Conversation actions
          • Connector actions
            • HubSpot actions
            • Open AI actions
          • Voice actions
      • How-to
        • Route conversations based on language
        • Route conversations based on sentiment
        • Set up a business hours auto-responder
        • Create a simple auto-responder
        • Set up conversational marketing
        • Create an FAQ bot
        • How to Match Regex in Flows
    • Approval Flow
  • Audience & Contacts
    • Sign-up forms
      • Quickstarts
        • Create a sign-up form
        • Create quizzes
      • Concepts
        • Sign-up process
        • Display
        • Colors
        • Targeting
        • Languages
        • Sign-up form analytics
    • Lists and segments
      • Quickstarts
        • Create a segment
      • Concepts
        • Segments
        • Lists
      • How-to
        • Create a segment based on contact activity
        • View contacts in a segment
        • Edit the setup of a segment
        • Delete a segment
        • Create a list
    • Contacts
      • Concepts
        • Contacts
        • Contacts directory
        • Contact profiles
        • Consent and subscriptions
          • Suppressions
          • Managing unsubscribes
          • Opt-ins, consent, and subscription statuses
            • Contacts with a 'blank' subscription status
      • How-to
        • Add contacts
        • Update the subscription status of your existing contacts
        • Send marketing campaigns to contacts with a 'blank' subscription status
        • Export contacts
        • How to bulk delete contacts
  • Content
    • Email templates
      • Concepts
        • Email content, styling, and personalization
        • Email design best practices
        • Advanced Email Templating
      • How-to
        • Create an email template
        • Import a custom HTML email
        • Use a prebuilt email template
        • Create personalized abandoned cart, browse and order placed emails
    • Message templates
      • Quickstarts
        • Create a message template
      • Concepts
        • Localization
        • Versioning
        • WhatsApp message templates
          • WhatsApp approved message templates
          • Reply to open conversation message template
          • Commerce messages
        • Apple Messages for Business
        • Push notifications
      • How-to
        • Localize a message template
        • Add variables to a message template
        • Create an SMS message template
        • Apple Messages for Business
          • Use dynamic variables in Apple Messages templates
          • Create a text Apple Messages template
          • Create an image Apple Messages template
          • Create a location Apple Messages template
          • Create a file Apple Messages template
          • Create a rich link Apple Messages template
          • Create a list picker Apple Messages template
          • Create authentication Apple Messages message types
          • Create a quick reply Apple Messages template
          • Create a time picker Apple Messages template
          • Create an iMessage App message template
          • Create a payment Apple Messages template
        • WhatsApp message templates
          • Create a WhatsApp approved message template
          • Create a reply to open conversation WhatsApp message template
          • Create a single product WhatsApp message template
          • Create a catalog WhatsApp message template
          • Create a coupon WhatsApp message template
          • Create an action WhatsApp message template
          • Create a limited time offer WhatsApp message template
          • Create a carousel WhatsApp message template
          • Create Approved WhatsApp Flows Template
          • Create reply to open conversation WhatsApp Flows Template
        • Create Push Notifications message templates
    • Chat widgets
      • Concepts
        • Send and receive messages
      • How-to
        • Build and install a chat widget on a Shopify store
        • Build and install a chat widget on your website
    • Media Library
      • How to Upload Images to the Media Library
    • Translation files
      • Creating and using translation files
    • External Data Sources
    • Lookup Tables
    • Discounts
    • Lookup tables
      • Managing lookup tables
      • Using lookup tables in Flows
    • Products
      • Custom Product Catalog Source
  • Analytics
    • Analytics
      • Concepts
        • Reporting metrics
        • Understanding the Attribution Model
        • List-unsubscribe in email headers
        • Understand Open Tracking
    • Channel analytics
      • Concepts
        • Channel logs
      • How-to
        • Analyze the performance of your channels
    • Campaign reports
      • Concepts
        • WhatsApp campaign reports
        • Email campaign reports
        • SMS campaign reports
      • How-to
        • View campaign reports
        • View A/B test campaign reports
        • See an overview campaign performance
  • Channels
    • Channels
      • Concepts
        • Quiet hours
      • Quickstarts
        • Find and install a channel
        • View information about an installed channel
        • View Channel Logs
      • Supported channels
        • Apple Messages for Business
          • Quickstarts
            • Install Apple Messages for Business
            • Use Apple Messages for Business
          • Concepts
            • Typing indicators
            • User device capabilities
          • How-to
            • Complete onboarding
            • Use entry points
            • Route messages
            • Send messages
            • Use Apple Pay
        • Email
          • Install email
          • Forwarding emails from Gmail
          • IP pools
          • Configure BIMI
        • Facebook Messenger
          • Install Facebook Messenger
          • Use Facebook Messenger
          • Facebook Messenger message types
        • Instagram Messaging
          • Install Instagram Messaging
          • Use Instagram Messaging
          • FAQs and Best Practices
          • Instagram message types
        • LINE
          • Install LINE
        • LinkedIn Pages Messaging
          • Install LinkedIn Pages messaging
          • Use LinkedIn Pages Messaging
          • LinkedIn Pages Messaging Types
        • Numbers
          • Quickstarts
            • Find and buy a new number
            • Activate a number
          • Concepts
            • Number types
            • Know-Your-Customer (KYC)
            • Activation, approval, and rejection
            • Number restrictions in China
          • How-to
            • Use a number
            • Cancel a number
            • Troubleshooting
            • FAQs
        • Push notifications
        • Google RCS
          • Create a Google RCS agent and install Google RCS as a channel
          • Testing and launching your agent
          • Create a Google RCS message template
          • RCS message template types
          • Create and send a Google RCS campaign
          • Create an RCS lead nurture journey with a fallback
          • Use RCS with an AI Agent
          • Grow RCS subscribers with a sign-up form
        • SMS
          • Quickstarts
            • Install SMS
            • Toubleshoot SMS Deliveries Faliures
            • (Missing) SMS delivery status
            • Troubleshoot Channel Health
          • Concepts
            • SMS parts and message length
            • SMS message types and compliance
            • Opt-in and opt-out compliance
            • Choose the right sender : Availability and restrictions by country
              • SMS Country Information Guide: Africa (A-L)
              • SMS Country Information Guide: Africa (M-Z)
                • South Africa
                • Nigeria
              • SMS Country Information Guide: Asia (A-K)
                • Japan
                • India
                • China
              • SMS Country Information Guide: Asia (L-Z)
                • Malaysia
                • Singapore
              • SMS Country Information Guide: Caribbean
              • SMS Country Information Guide: Central America
              • SMS Country Information Guide: Europe (A-M)
              • SMS Country Information Guide: Europe (N-Z)
              • SMS Country Information Guide: Middle East
                • United Arab Emirates
              • SMS Country Information Guide: North America
                • Messaging Best Practices - NORAM SMS / MMS
                • Canada
                • United States
                • Prohibited Content - NORAM SMS / MMS
              • SMS Country Information Guide: Oceania
                • New Zealand
                • Australia
              • SMS Country Information Guide: South America
            • MMS sizes and limitations
            • Automatic sender selection
            • SMS Registration
              • Use case requirements for SMS Registration
              • Setting up a SMS consent flow
              • SMS Privacy Policies
              • SMS Toll-free number
                • TFN Verification
                • Additional Costs for using TFN
                • How-to Guides
                  • Purchase a Toll Free Number via Bird
                  • Register a US or Canadian TFN for SMS via Bird
              • SMS 10DLC
                • How-to Guides
                  • Purchase a 10DLC number via Bird
                  • Register a 10DLC brand via Bird
                  • Register a 10DLC campaign via Bird
                  • Install SMS 10DLC
                  • Delete inactive 10DLC campaigns to avoid additional charges
                • Throughput and Daily Caps
                • Brand registration
                • Campaign registration
                • Additional costs for using 10DLC
                • 10DLC FAQs
            • Page 1
        • WhatsApp
          • Quickstarts
            • Before you start
            • Install WhatsApp
          • Concepts
            • WhatsApp for Business
            • Accounts and verification levels
              • Verified Facebook Business Manager Account
              • Official WhatsApp Business Account (Green tick)
            • Use WhatsApp
            • WhatsApp message types
            • WhatsApp's Customer Care Window
            • FAQs
          • How-to
            • Verify your Facebook Business Manager Account
            • Set up commerce messaging
              • Product inquiries
              • Product orders
            • Create a WhatsApp Flow
              • Create a flow
              • Testing your flow
              • Publishing and sending your flow
              • Handling Flow submission
            • Enable conversational components
            • Become a WhatsApp Tech Provider
              • Onboard as a Tech Provider
              • Connecting to Bird as solutions provider
              • Meta Tech Partner Migration 2024
            • Migrate from Bird to another BSP (Business Service Provider)
        • Telegram
          • Install Telegram
          • Bot commands setup
  • AI
    • AI
      • Quickstarts
        • Create an FAQ model
        • Build a detect intent model
      • Concepts
        • AI Assistants
          • Agent Assistant
          • Flows Assistant
          • Studio Assistant
          • FAQ Assistant
          • Audience Assistant
        • AI flow actions
        • AI integrations
        • Detect language: Supported languages
      • How-to
        • Set up and deploy automated FAQs
        • Set up and deploy detect intent models
    • AI Agents
      • Concepts
        • Knowledge bases
        • OpenAI token usage
      • How-to
        • Build a knowledge base
        • Set up an AI Agent
        • Deploy an AI Agent
  • Payments
    • Bird Pay (Beta)
      • Quick Start
        • How to get Bird Pay access?
      • Concepts
        • Onboarding
        • Payment Link
        • Wallet
          • Transfer
          • Recipient
        • Payments
          • Disputes
        • My customers
        • Payouts
        • Payment methods
        • Bird Pay Coverage
        • Strong Customer Authentication (SCA)
      • How-to
        • Create a Payment link
        • Refund a Payment
        • Manage Payout
        • Respond to a Dispute
        • How to set up MFA using the Authenticator app?
      • FAQs
        • Why was my onboarding unsuccessful?
        • How do I update my business address?
        • What are foreign currency fees on my Bird Payments?
        • How to raise an issue with Bird Pay with support?
  • Integrations
    • Integrations
      • Quickstarts
        • Find and install an integration
      • Concepts
        • Integration data sync
      • Supported integrations
        • ActiveCampaign
        • OPERA Cloud
        • Calendly
        • Easyship
        • Google Cloud Translation AI
        • HubSpot
        • Magento 1
        • Magento 2
        • Monday.com
        • Notion
        • OpenAI
        • Rebrandly
        • Salesforce
        • Shopify
        • SugarCRM
        • Zoho CRM
        • TikTok Ads
        • Typeform
        • WooCommerce
        • Zendesk Support
        • Google BigQuery
        • Snowflake
        • Amazon S3
        • Salesforce Marketing Cloud
        • Meta ads
        • Google Ads
      • How-to
        • How to integrate the Salesforce Connector on Bird?
        • How to Delete Contacts in Bird when Deleted in Salesforce
  • Account & Billing
    • Account
      • Organization settings
        • General
        • Single-Sign On (SSO)
          • Set up Single-Sign On (SSO)
          • Enforce Single-Sign On (SSO)
          • Entra ID
          • Google Workspaces
          • Okta
        • SCIM
          • Okta setup
          • Okta setup - Workspace IAM
          • Entra ID
        • Security Settings
        • Business profile
        • Workspaces
        • Plans & Billing
        • Wallets
        • Users
        • Access policies
        • Access roles
        • Access keys
        • How to find your Organization ID
        • How to find a Workspace ID
        • How to limit a user's access to a single workspace
        • How to download usage report?
        • How to pay (settle) invoices via wallet?
  • Help & Reference
    • Bird support
      • Invite Bird support
    • Deliverability & compliance
      • Email compliance - Bulk sending
      • United States SMS/MMS compliance
        • Key US Regulations
        • General US content restrictions
        • US SMS/MMS compliance
        • US Voice compliance
        • US state-level laws and regulations
        • US compliance & best practices checklist
        • US compliance FAQs
      • Singapore SMS Compliance
    • Data protection
      • Approved subprocessors
    • Release notes
    • Glossary
Powered by GitBook
On this page

Was this helpful?

  1. Payments
  2. Bird Pay (Beta)
  3. Concepts

Strong Customer Authentication (SCA)

Understanding Strong Customer Authentication (SCA) for Payments

In today's digital age, ensuring the security of online transactions is crucial for businesses and customers. Strong Customer Authentication (SCA) is a regulatory requirement designed to add an extra layer of security to online payments, making them more secure and less prone to fraud. It helps verify the customer's identity, ensuring they are the rightful payment method owner.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication is a set of requirements to reduce fraud and enhance online payment security. It is part of the Payment Services Directive 2 (PSD2) regulations enforced in the European Union. SCA requires online transactions using multi-factor authentication (MFA) to ensure legitimate customers make payments.

Key Components of SCA

To comply with SCA, businesses must use at least two of the following three authentication factors:

  1. Something the customer knows (e.g., a password or PIN)

  2. Something the customer has (e.g., a mobile phone or hardware token)

  3. Something the customer is (e.g., a fingerprint or facial recognition)

Multi-Factor Authentication (MFA) Using Username/Password and Authenticator Code

One of the most common methods of meeting SCA requirements is through Multi-Factor Authentication (MFA). MFA enhances security by combining two of the three authentication factors.

For example, when making an online payment, a customer might first enter their username and password (something they know). Once these details are verified, the customer is prompted to enter a code generated by an authenticator app on their mobile phone (something they have). This code is typically time-sensitive, adding an extra layer of security, as it becomes invalid after a short period.

As part of SCA, the users of Bird Pay must set MFA using an authenticator to access.

5-Minute Session Timeout

Another critical aspect of SCA is the implementation of session timeouts to prevent unauthorized access. A session timeout is a security feature that automatically logs a user out of their account after a certain period of inactivity. Under SCA guidelines, online payment sessions are recommended to have a timeout period of 5 minutes. If a customer is inactive for over 5 minutes, they must re-authenticate themselves by re-entering their credentials and authenticator code. This helps protect sensitive information and reduces the risk of unauthorized transactions.

With the setup of Bird Pay, a 5-minute session timeout automatically kicks in.

Dynamic Linking

Dynamic linking is a key component of SCA that ensures the authenticity of a transaction by linking the payment authorization to the specific amount and the payee. This means that the customer is shown the transaction details they authorise during the authentication process, including the amount and the recipient's name.

If any changes are made to these details, the authentication is invalidated, and the customer must approve the transaction again. This prevents potential fraudsters from altering transaction details after the customer consents, ensuring that payments are secure and authorized by the rightful owner.

Why is SCA Important?

SCA is essential because it helps protect customers from online payment fraud and enhances trust in digital transactions. SCA significantly reduces the likelihood of unauthorized payments and fraudulent activity by requiring multi-factor authentication, session timeouts, and dynamic linking.

For businesses, complying with SCA means adhering to regulatory requirements and providing a secure payment experience for customers. This not only helps in reducing fraud but also boosts customer confidence and loyalty.

Last updated 8 months ago

Was this helpful?