Strong Customer Authentication (SCA) coming in Sept 2019

Hi there, I’ve just been reading about the new Strong Customer Authentication (SCA), which is being brought in within the EU/EEA by 14 Sept 2019 (great article here:… I started reading about it after I had an email from Amex advising I’d be asked to verify when making purchases online. Seems like we will all have to verify every purchase online (over 30 euros) from this date although we can add retailers to new whitelists.

I was just wondering where this leaves Curve? Will we be asked to verify the Curve card or the underlying card? I have noticed an increase in verifications on some cards, no doubt as card issuers are getting ready for the changes and nudging new customer behaviours… I’m also (stubbornly) getting my bank debit card rejected all the time when used through Curve… are these things related, maybe?


1 Like

dont forget we’re leaving EU in 1 month :joy::joy::joy: :man_facepalming:


Yea, but I can’t see the banks not implementing this stuff… there’s lots of other areas of EU law we’re still implementing (in procurement, for example) that will come into being post Brexit day… they’ll err on the safe side in case there’s a delay or we decide to harmonise rules, standards etc…

I don’t think I have ever get asked to verify by 3D Secure when using Curve.

Is that because 3D Secure are not implemented at all for Curve cards?

Curve doesn’t use 3DS just yet :slight_smile:

1 Like

As far as the underlying card is concerned, it’s Curve that you’re buying from - so they will do those checks against Curve, not the merchant. So, you whitelist Curve itself on the underlying card(s), and that’s it.

1 Like

Agree it would seem logical it should work that way - big benefit to using Curve if so, especially for those in areas of poor mobile reception!

1 Like

I hope that Curve will not use SMS as a form of two-factor authentication for SCA. It’s a problem for people who travel, switching SIM cards and travelling to countries where their home network has no roaming agreement. SMS is also vulnerable to SIM swap fraud.


Perhaps the Curve app could generate a verification code (that is protected by Face ID or fingerprint)… that would fulfil the SCA regs of having two or more of the following…


These regulations are applicable to us and we are working on solutions.

Can’t really say without looking into the transactions. Have Customer Support given any indication for why they occur?

Thanks - I’m sorted now, I deleted and re-added said debit card and works faultlessly now :slight_smile: