EBA_SCA_REQUIRED_401 banking auth_error ai_generated true

AI tells an EU merchant to accept SEPA direct debits without PSD2 Strong Customer Authentication (SCA), ignoring EBA guidelines

ID: banking/ecb-psd2-strong-auth

Also available as: JSON · Markdown · 中文
92%Fix Rate
86%Confidence
1Evidence
2024-01-10First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
PSD2 directive 2015/2366 active
EBA RTS v2.0 active

Root Cause

PSD2 mandates SCA (two-factor authentication) for all electronic payments, including SEPA direct debits, per EBA Regulatory Technical Standards (RTS); merchants failing to implement SCA face chargeback liability and regulatory fines.

generic

中文

PSD2要求所有电子支付(包括SEPA直接借记)进行强客户认证(SCA),依据欧洲银行管理局监管技术标准(RTS);未实施SCA的商户需承担退款责任和监管罚款。

Official Documentation

https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money

Workarounds

  1. 92% success Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe; example API call: stripe.paymentIntents.create({ amount: 1000, currency: 'eur', payment_method_types: ['sepa_debit'], mandate_data: { type: 'single_use' }, payment_method_options: { sepa_debit: { mandate_options: { reference: 'INV-001' } } } }) 
    Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe; example API call: stripe.paymentIntents.create({ amount: 1000, currency: 'eur', payment_method_types: ['sepa_debit'], mandate_data: { type: 'single_use' }, payment_method_options: { sepa_debit: { mandate_options: { reference: 'INV-001' } } } })
  2. 88% success Use the 'recurring transaction' exemption: register the mandate with SCA at first payment, then use 'merchant_initiated_transaction' flag for subsequent debits 
    Use the 'recurring transaction' exemption: register the mandate with SCA at first payment, then use 'merchant_initiated_transaction' flag for subsequent debits
  3. 85% success Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically 
    Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically

中文步骤

  1. Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe; example API call: stripe.paymentIntents.create({ amount: 1000, currency: 'eur', payment_method_types: ['sepa_debit'], mandate_data: { type: 'single_use' }, payment_method_options: { sepa_debit: { mandate_options: { reference: 'INV-001' } } } })
  2. Use the 'recurring transaction' exemption: register the mandate with SCA at first payment, then use 'merchant_initiated_transaction' flag for subsequent debits
  3. Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically

Dead Ends

Common approaches that don't work:

  1. Disabling SCA for recurring payments under 30 EUR 90% fail

    EBA RTS allows low-value exemptions only for individual transactions under 30 EUR; recurring debits still require SCA at initiation

  2. Using 3D Secure v1.0 without dynamic linking 85% fail

    PSD2 requires dynamic linking (transaction-specific codes); 3DS v1.0 is deprecated and rejected by acquirers

  3. Storing card-on-file without re-authentication for subsequent payments 88% fail

    PSD2 mandates re-authentication for each payment unless a variable recurring exemption applies