Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

A Guide to PSD2 – Strong Customer Authentication


about the author

Share this post

Advances in digital technologies and the growth of the internet have led to an explosion in online crime. As traditional crimes like burglary and car theft continue to fall, online fraud has quickly become the most common crime in the UK with almost one in ten people falling victim.

Criminals have shifted their strategies, and online crime has enabled them to target thousands of victims at the same time from almost anywhere in the world. Using phishingmalware, and a host of other tactics, criminals can gain access to people’s bank accounts by tricking them into revealing their passwords and personal details.

These online crimes can have a devastating impact on the victim, and in some cases, individuals aren’t even aware they have been targeted until they realise that their bank account has been cleared out.

The financial services industry has invested heavily in new measures to help protect customers online and this has helped prevent more than £1.6 billion of unauthorised fraud. However, despite this investment, cybercriminals still managed to steal £1.2 billion through fraud and scams in 2018.

In January 2018, a new EU Payments Services Directive (PSD2) was introduced, bringing in new laws designed to enhance consumer rights and reduce online fraud. This was an update on the previous First Payment Services Directive (PSD1) which was implemented in 2009. The updated version of the Directive was driven by the rise in eCommerce and technological innovations in the payments sector.

What is PSD2 Strong Customer Authentication?

A Guide to PSD2 - Strong Customer Authentication

A key element of PSD2 is the introduction of additional security authentications for online transactions of more than €30, known as Strong Customer Authentication (SCA). In the past, customers could just checkout online by entering their card number and a CVC verification code. However, under the new PSD2 regulations, customers will need to provide an additional form of identification.

What is the Strong Customer Authentication requirement?

Under the new regulation, all electronic payment transactions will need to be authenticated by at least two of three possible methods:

  1. Knowledge: Something only the user knows – Ex: A password
  2. Possession: Something only the user possesses – Ex: Mobile phone, token or card reader
  3. Inherence: Something the user is – Ex: Biometric – Fingerprint, facial recognition, voice recognition

Where does Strong Customer Authentication Apply?

A Guide to PSD2 - Strong Customer Authentication

SCA will apply to transactions in the European Economic Area (EEA) only, where both payer and payee are in the region. If one of these is located outside Europe, the requirement is for the payment service provider in Europe to use their best efforts to apply SCA.

What is SCA payment?

Strong Customer Authentication will apply to customer-initiated online payments within Europe. This will mean that the majority of card payments and all bank transfers will require SCA.

At the current time, the most common way of authenticating an online card payment relies on 3D Secure. This service is offered by several credit card providers and gives additional protection to card users by introducing another layer of password protection. Drawbacks to the current method include the use of a different URL for the pop-up screen which could be misconstrued as a phishing site. It can also be difficult to remember multiple passwords for different cards.

To address these challenges and meet the new SCA requirements, an updated version of 3D Secure has been adopted by European banks. The new 3DSecure2 is mobile friendly and supports the use of biometrics, helping improve the overall user experience.

What are the exemptions to Strong Customer Authentication?

A Guide to PSD2 - Strong Customer Authentication

PSD2 was designed to make SCA a requirement for all online transactions. However, some exemptions will help maintain a frictionless customer payment journey and help achieve the right balance between convenience for the consumer and fraud prevention.

Exemptions include:

  • Low-Value Transactions – Transactions under €30 are exempt from SCA. However, if the customer attempts more than five consecutive low-value payments, or if the total payments value exceeds €100, SCA will be required.
  • Recurring Transactions – When a customer makes a regular payment of the same amount to the same business, SCA will only be required for the first transaction. If the amount changes, 3D secure will be required for every new amount.
  • Whitelisted Merchants – Consumers have the option to assign businesses to a whitelist of trusted beneficiaries. After the first authentication is completed, all further transactions will be exempt from authentication.
  • Low-Risk Transactions – Low-risk transactions that have undergone real-time assessment may be processed without SCA. This decision will be based on the average fraud levels of the card issuer and they will have the ultimate say on whether SCA is required.
  • Mail Order and Telephone Orders (MOTO) – Mail order and telephone order transactions are not considered to be electronic payments, so they are exempt from SCA.
  • Corporate Payments – When a transaction is initiated by a business rather than a consumer, it will not require separate authentication.

When will PSD2 Strong Customer Authentication come into effect?

The implementation of PSD2 Strong Customer Authentication will come into effect from September 14, 2019.

Within the last week, the UK Financial Regulator, the Financial Conduct Authority (FCA), has agreed to delay enforcement of the new online payment regulation by 18 months. Businesses will have until March 2021 to effectively implement the new feature.

The delay was granted after pressure mounted from industry groups warning that card issuers, payment firms, and online retailers would not have enough time to implement the changes and that customers could be impacted as a result.

The FCA said it will not take action against firms that fall foul of the new legislation during this time frame, providing they can demonstrate they have taken steps to comply with the system. After the 18-month grace period, all online payments will be subject to the new security measures.


There’s no doubt that the implementation of PSD2 will bring about huge changes for payment service providers. Many will have to change their systems to handle 3D Secure2 and other SCA methods, while carefully balancing the convenience and security needs of their customers. However, by helping reduce fraud rates in the industry, the new regulation will lead to increased trust with consumers and ultimately improve the overall customer payment journey.

MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security training within your organisation.

Other Articles on Cyber Security Awareness Training You Might Find Interesting