Introducing The Law Community, the online community just for Clio customers. Sign up now.

Strong Customer Authentication (SCA)


  • Strong Customer Authentication
  • Europe
  • SCA
  • Online Payment
  • Payment
  • Subscription


  • Clio Manage


What is Strong Customer Authentication (SCA)? 

Strong Customer Authentication (SCA) is a new European regulatory requirement to reduce fraud and make online payments more secure. Beginning 14 September 2019, European banks will begin requiring their customers to authenticate payments using two of the following three elements; something their customer knows (e.g. password, PIN), something the customer has (e.g. mobile phone) and something the customer is (e.g. fingerprint scan). 

Who is impacted? 

Strong Customer Authentication will be required for transactions where both the business and the cardholder’s bank are located in the European Economic Area (EEA).

For customers in the UK, the UK regulator granted an 18 month phase-in period on August 2019 to give banks and businesses more time to prepare for these new requirements. As a result, we don’t expect banks to fully require SCA for payments from UK cards until March 2021.1.

When is Strong Customer Authentication required? 

While it is ultimately up to the cardholder’s bank, non-recurring payments are likely to require SCA. This includes initial subscription payment, modifications to the billing frequency (e.g. annual vs. monthly), changes to the price tier and addition/reduction of licenses. 

Specific types of low-risk payments may be exempted from SCA, such as fixed amount subscriptions (with the exception of the initial payment). You can read more about exemptions here.

What is the impact on Clio customers? 

We have added additional notifications and messages to our payment flows. If the bank does not ask for authentication, then SCA will not be triggered.

(The authentication UI will appear on top of Clio. This mockup is only meant for illustrating an idea of how SCA appear.) 

There are scenarios where the bank will ask for authorisation after the user has navigated away from the payment screen or has logged out of Clio. We have implemented in-app messages and emails in the event this occurs.  


Frequently Asked Questions

How will Clio customers know if they need to authenticate their payment? 

Clio customers who login will be presented with an in-app message prompting them to authenticate. Customers will also receive an email with a direct link to the necessary screen.  

Will existing Clio customers have to authenticate current subscription payments?

We are doing everything we can to prevent this from happening however it is ultimately up to the customer’s bank to determine if a payment requires authentication. 

Will Clio customers have to authenticate for every subscription payment?

While it is ultimately up to the customer’s bank, we do not expect authentication to be required for every subscription payment. There is an exemption that applies when a customer makes a series of recurring payments for the same amount, to the same business. SCA will be required for the first payment—subsequent charges, however, may be exempted from SCA.


Was this article helpful?
This information is confusing or wrong
This isn't the information that I was looking for
I don't like this functionality