
Changes to Online Payment Regulations in the EEA: Strong Customer Authentication (SCA) Required.


What changes are happening to online payment regulations in the EEA?

From 14 September 2019, new requirements to securely authenticate online payments and subscriptions will be introduced in the EEA as part of the second Payment Services Directive (PSD2). This additional layer of verification is known as Strong Customer Authentication (SCA). You can learn more about the specifics of SCA below.  

What does this mean for you and Clio? 

  • We may require cardholders of Clio subscriptions to authenticate their payment details to continue to receive payment for their subscription. This requirement, and timing of notice, is at the discretion of a cardholder’s bank and is not controlled by Clio. 
  • If a cardholder does not authenticate their information when prompted, their Clio account may go into a state of payment error, and access to Clio may be disrupted. 
  • When required, we will communicate with you from within Clio, via email, and may have our Customer Success team contact you to help you verify your information. 

To avoid disruption to your Clio subscription, please verify your cardholder information when prompted. You can learn more about Strong Customer Authentication in this article, or contact our Support team at or +44-800-433-2546. 


What is Strong Customer Authentication (SCA)? 

Strong Customer Authentication (SCA) is a new European regulatory requirement to reduce fraud and make online payments more secure. Beginning 14 September 2019, European banks may require their customers to authenticate payments using two of the following three elements: something the customer knows (e.g. password, PIN), something the customer has (e.g. mobile phone) and something the customer is (e.g. fingerprint scan).


What online transactions does Strong Customer Authentication apply to?

Strong Customer Authentication will be required for transactions where both the business and the cardholder’s bank are located in the European Economic Area (EEA) with the exception of the UK.

Specific types of low-risk payments may be exempted from SCA, such as fixed amount subscriptions (with the exception of the initial payment). You can read more about exemptions here.


When will cardholders have to provide Strong Customer Authentication for a transaction?

This is up to a cardholder’s bank as different financial institutions will adopt this regulation differently. When required by a bank, Clio will prompt customers to authenticate their billing details accordingly. 

Notice for UK-based customers: In August 2019 the UK regulator granted an 18-month phase-in period to give banks and businesses more time to prepare for these new requirements. As a result, we don’t expect UK banks to fully require SCA for payments until March 2021.


What is the impact to Clio customers? 

For current Clio customers: If their bank requires SCA, Clio account administrators and the Primary Subscriber will be prompted via a notification in Clio to verify their cardholder information by whichever means their bank requires, e.g. confirming identity via bank login, email, text, or other secure means. Clio will also send a reminder email if verification is not completed.

If this information is not provided, there is the risk that your Clio payment is rejected and your account may go into payment error. Our Customer Success team will work with customers to ensure this does not occur where possible. 


For current Clio customers modifying their subscription: When making any changes to the number of Clio licences or to the billing cadence, Clio account administrators may be prompted to verify cardholder information via a link in Clio. An email reminder will also be sent if verification is not completed.

If this information is not provided, there is the risk that your Clio payment is rejected and your account may go into payment error. Our Customer Success team will work with customers to ensure this does not occur where possible. 


For new Clio customers: We have updated our sign-up and payment flows to easily and securely authenticate payments. Please note: If your bank does not ask for authentication, SCA will not be required. 


(The authentication UI will appear on top of Clio. This mockup is only meant to give an idea of how SCA appears.)

Frequently Asked Questions


How will Clio customers know if they need to authenticate their payment? 

If a Clio customer’s bank requires SCA, Clio account administrators and the Primary Subscriber will be presented with a message prompting them to authenticate their details from a main screen in Clio. Customers will also receive an email with a direct link to the necessary screen to provide SCA.


Will all Clio customers have to authenticate current subscription payments?

This is up to the customer’s bank to determine if a payment requires authentication. We will work to streamline this experience as much as possible with messaging in Clio. 


Will Clio customers have to authenticate for every subscription payment?

While it is ultimately up to the customer’s bank, we do not expect authentication to be required for every subscription payment. There is an exemption that applies when a customer makes a series of recurring payments for the same amount, to the same business. SCA will be required for the first payment; subsequent charges, however, may be exempted from SCA.
