{
  "id": "banking/ecb-psd2-strong-auth",
  "signature": "AI tells an EU merchant to accept SEPA direct debits without PSD2 Strong Customer Authentication (SCA), ignoring EBA guidelines",
  "signature_zh": "AI告诉欧盟商户接受SEPA直接借记而不需要PSD2强客户认证，忽略欧洲银行管理局指南",
  "regex": "SCA.*required.*SEPA|PSD2.*direct.debit.*denied",
  "domain": "banking",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "PSD2 mandates SCA (two-factor authentication) for all electronic payments, including SEPA direct debits, per EBA Regulatory Technical Standards (RTS); merchants failing to implement SCA face chargeback liability and regulatory fines.",
  "root_cause_type": "generic",
  "root_cause_zh": "PSD2要求所有电子支付（包括SEPA直接借记）进行强客户认证（SCA），依据欧洲银行管理局监管技术标准（RTS）；未实施SCA的商户需承担退款责任和监管罚款。",
  "versions": [
    {
      "version": "PSD2 directive 2015/2366",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "EBA RTS v2.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Disabling SCA for recurring payments under 30 EUR",
      "why_fails": "EBA RTS allows low-value exemptions only for individual transactions under 30 EUR; recurring debits still require SCA at initiation",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "Using 3D Secure v1.0 without dynamic linking",
      "why_fails": "PSD2 requires dynamic linking (transaction-specific codes); 3DS v1.0 is deprecated and rejected by acquirers",
      "fail_rate": 0.85,
      "condition": "",
      "sources": []
    },
    {
      "action": "Storing card-on-file without re-authentication for subsequent payments",
      "why_fails": "PSD2 mandates re-authentication for each payment unless a variable recurring exemption applies",
      "fail_rate": 0.88,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe; example API call: stripe.paymentIntents.create({ amount: 1000, currency: 'eur', payment_method_types: ['sepa_debit'], mandate_data: { type: 'single_use' }, payment_method_options: { sepa_debit: { mandate_options: { reference: 'INV-001' } } } })",
      "success_rate": 0.92,
      "how": "Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe; example API call: stripe.paymentIntents.create({ amount: 1000, currency: 'eur', payment_method_types: ['sepa_debit'], mandate_data: { type: 'single_use' }, payment_method_options: { sepa_debit: { mandate_options: { reference: 'INV-001' } } } })",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use the 'recurring transaction' exemption: register the mandate with SCA at first payment, then use 'merchant_initiated_transaction' flag for subsequent debits",
      "success_rate": 0.88,
      "how": "Use the 'recurring transaction' exemption: register the mandate with SCA at first payment, then use 'merchant_initiated_transaction' flag for subsequent debits",
      "condition": "",
      "sources": []
    },
    {
      "action": "Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically",
      "success_rate": 0.85,
      "how": "Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe; example API call: stripe.paymentIntents.create({ amount: 1000, currency: 'eur', payment_method_types: ['sepa_debit'], mandate_data: { type: 'single_use' }, payment_method_options: { sepa_debit: { mandate_options: { reference: 'INV-001' } } } })",
    "Use the 'recurring transaction' exemption: register the mandate with SCA at first payment, then use 'merchant_initiated_transaction' flag for subsequent debits",
    "Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money",
  "official_doc_section": null,
  "error_code": "EBA_SCA_REQUIRED_401",
  "verification_tier": "ai_generated",
  "confidence": 0.86,
  "fix_success_rate": 0.92,
  "resolvable": "true",
  "first_seen": "2024-01-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}