Relevant to UK clients on our Sponsored model who instruct payments via our API.
What’s changing?
We are completing our rollout of Strong Customer Authentication (SCA) by extending it to API payments.
Why is this changing?
This change will meet regulatory requirements, help protect against fraud and make online payments more secure.
What does this mean for me?
You will need to implement additional authentication in your payment workflow. This will involve an additional API call that will result in your customer receiving a one-time password (OTP) via SMS. When submitting the payment, you will need to provide the OTP in the header. If the OTP is successfully validated, then the payment will be processed.
We will provide you with detailed information about the changes you’ll need to make.
What do I need to do?
There is no action required immediately. We will be in touch with detailed information in plenty of time for you to meet the deadline.
When is this changing?
This will take place in the second half of 2026. We will communicate the exact date closer to the time.
What happens if I fail to meet the deadline?
This is a regulatory requirement that has a mandatory deadline.