Strong Customer Authentication (SCA) for e-commerce in the landscape of European regulations

Strong Customer Authentication (SCA) is a requirement specified as part of the PSD2 legal framework to protect European customers from fraud. The law was mainly tailored to banks, but some large e-commerce platforms, such as eBay, are also required to offer SCA. This talk will discuss SCA requirements for e-commerce companies embedded in the legal landscape of related regulations in Europe. The upcoming PSD3 regulation may change how SCA is applied, in particular with regards to how modern SCA factors such as Passkeys can be leveraged. The European Accessibility Act (AAA) as well as the EU AI act further impact requirements for how to set up SCA. The talk will also look at differences between UK and EU requirements for SCA.  Finally, an outlook will be given in how EUDI wallets can help e-commerce companies to conduct Know-your-customer (KYC), SCA, and forget-your-password flows.