Whenever you try to order food or add a new credit card to your account, you might be prompted to authenticate the transaction with your bank via a pop-up screen. This protocol is part of Strong Customer Authentication, a new regulation for the European Economic Area requesting banks to authenticate digital transactions. This authentication protocol adds an extra layer of security to all your online transactions.
Strong Customer Authentication (SCA) is a European and UK regulatory requirement to decrease fraud and secure online payments. Although the regulatory requirements are applicable to banks that issue credit cards, Uber had to build additional authentication into our checkout flow to complete transactions once Strong Customer Authentication went into effect.
SCA demands extra authentication protocol upon digital transaction with at least one of the following authentication types:
Banks will include some type of extra authentication (like the ones above) to most digital transactions in order to comply with SCA. The extra authentication is set up, controlled and approved by your Bank, not by Uber.
Banks will decline transactions that fail to be authenticated. If you would like to inform yourself about Strong Customer Authentication regulations and requirements, they are set out in the European Banking Authority and European Commission.
SCA—and the authentication protocol that comes with it—is subject to all transactions made with payment methods issued in the European Economic Area (EEA), and transactions made with them in and outside the EEA.
The most common way to authenticate an online transaction involves an extra step upon checkout, where the cardholder is prompted by their bank to provide supplementary information to complete a transaction (example: a given password, a code via text, or a fingerprint confirmation).
It will depend on the transaction amount/frequency and your bank’s authentication policy. Typically, you’ll need to authenticate every time you add or update a new credit card payment method.
Authenticating your transactions (if applicable) will reduce the risk of fraud or other types of abuse. Each time you initiate a digital transaction, your bank might ask you to authenticate in order to confirm eligibility. Not all transactions will need to be authenticated. To know more about when and why extra authentication is required, reach out to your bank.
The authentication will be carried out and secured by your bank. The authentication process and type of authentication (text or fingerprint, for example) is not decided nor owned by Uber, so if you have any questions regarding security, contact your bank directly.
When 2-step verification is enabled, you will be challenged with two security challenges each time you sign in to your Uber account.
Strong Customer Authentication is a non-optional authentication protocol, aiming to provide an extra layer of security, specifically to your digital transactions.
Yes, whenever a new digital transaction is initiated, you might be asked to authenticate it.
Under this regulation, specific types of low-risk payments may be excused from Strong Customer Authentication. Upon transaction, your bank will evaluate the risk level of the transaction, and ultimately decide whether to approve the exemption or whether authentication is still necessary.
Other digital payments such as PayPal, Apple Pay or Google Pay digital wallets are not subject to Strong Customer Authentication protocols.