Online security changes
Later this year, new requirements for authenticating online payments will be introduced as part of the second Payment Services Directive (PSD2).
Find out more

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is one of the key requirements of PSD2, a new European regulation which comes into force in September 2019.

SCA focuses on improving online security and reducing consumer fraud. Under the new regulations, you will have greater protection when you make electronic payments or transactions, such as shopping or banking online.

How does it work?

SCA requires customers to prove their identity using two of the following three elements (also known as two-factor authentication):

Something you know
(eg password or PIN)
Something you have
(eg card or mobile phone)
Something you are
(eg fingerprint or Face ID)

How does it affect me?

If you’re an Internet Banking customer, there will be an additional security check using SecureCall when you log on or make changes to your account.

If you use our Mobile Banking App, you will be required to enter your Passcode to add a payee, make a payment or make changes to your account.

Do I need to do anything?

Check your contact details
Please ensure your contact details are up to date and we have the correct mobile and/or landline telephone numbers for you. If we don't have the correct information then we'll be unable to authenticate you.

You can check what details we hold for you already by using 'Other Services' on Internet Banking and going to ‘Change my Contact Details’.

Download our Mobile Banking app

If haven't already, download our Mobile Banking App. It's the quickest and easiest way to manage your accounts.

mobile-panel-appstore.png mobile-panel-googleplay.png


  • Why is SCA needed?

    Following a sharp rise in online consumer fraud in recent years, the European Commission intervened by placing SCA requirements on member countries as one of the core components of PSD2.

  • What kind of transactions are affected?

    SCA generally applies to customer-initiated electronic payments, such as card payments and bank transfers.

    However, not all transactions will require additional authentication. There are a number of exemptions, listed below:

    • Trusted beneficiaries (verified payees)
    • Recurring payments (the initial setup will require SCA)
    • Low value or low risk transactions
    • Contactless payments
    • Unattended terminals (parking and transport)
    • Secure corporate payments
    Additionally, direct debits, mail / telephone orders or transactions where either the Issuer or Acquirer is located outside the European Economic Area (EEA) are not affected.
  • When will the changes take effect?

    Updates to our Internet Banking and Mobile Banking App services will be rolled out in June. Further details will be communicated to customers nearer the time.

    The final deadline for all businesses to comply with PSD2’s Regulatory Technical Standard (RTS) is 14th September 2019.

  • What is SecureCall?

    SecureCall is a fraud prevention feature of Internet Banking which is designed to help protect you and your money from online fraud.

    You may already be familiar with SecureCall as we use it to verify payments to new payees. From June, it will also be required when you log on or make changes to your account.

    You can read more about SecureCall on our Help & Support pages.

  • How do I update my contact details?

    You can update your landline number on Internet Banking or over the phone if you have your registered mobile to hand. To update your mobile number, you can visit a local branch, send us a signed request to Investment Services, Cumberland Building Society, Cumberland House, Cooper Way, Parkhouse, Carlisle, CA3 0JF or by email to