Language Français |  Nederlands

Be prepared for Strong Customer Authentication (SCA)


Keep your accounts safe online




The revised Payment Service Directive (PSD2) introduced the Strong Customer Authentication (SCA) requirements which were designed to increase security and reduce fraud associated with payments. It requires payments service providers like American Express to authenticate their customers using Two-Factor Authentication. SCA must be applied when a payer:


  • initiates an electronic transaction (both card present and card not present)
  • accesses their payment account online and
  • carries out any remote action which may imply a risk of fraud, unless an exemption is available.

We’ve compiled the impacts this will have on Cardmembers and Account users and outlined the adjustments that can be made to ensure disruption is kept to a minimum.



What's changed?

To keep your programme even more secure, we've introduced additional layers of security to ensure that Cardmembers and Account users are safe when shopping
online or accessing their Accounts.



For online payments


SafeKey will appear more often during the checkout stage. SafeKey helps protect Cardmembers against fraud while making a purchase online by confirming it's really them making the purchase. Cardmembers may receive verification codes to their email or mobile phone via SMS, depending on the choice they have made, more often. However, where merchants websites don't support SafeKey, American Express may not be able to verify their transaction, so it may be declined to keep their account secure.


To minimise verification requests, Cardmembers will be able to use Express List, our solution which enables cardmembers to 'whitelist' merchants they trust. SCA will be required unless an exemption is available. For example, SCA will apply when a payment is over the transactional risk analysis threshold and the merchant is not on Express List NL or Express List FR.



Payment portal account users


When logging into their online Account, users will need to use their username and password as usual. We will also send an extra verification request by text or email. This layer of security lets us know its them accessing the Account in order to continue to make purchases.


For online accounts


When logging into their online Accounts, Cardmembers will need to use their username and password as usual. We may also send an extra verification request by text or email. It is therefore important that Cardmembers users ensure their account information contains their correct email address and mobile number.



Contactless payments


All new and renewed Corporate Cards are equipped with the contactless payment function since May 2020. Most of the time you will be able to use your contactless Card as usual. However, you may sometimes be asked to enter your PIN. On these occasions, the terminal will ask you to place your Card into the card reader and enter your PIN.


Strong Customer Authentication product checklist 

The table illustrates products where Strong Customer Authentication applies.




SCA Impacted Product Checklist