Effective March 3, 2026, Mastercard revised its rules to reflect the alignment of Albania, Montenegro, and Serbia’s payment systems regulations with European standards, including the Payment Service Directive 2 (PSD2) Strong Customer Authentication (SCA) regulatory requirements.
North Macedonia has also aligned with SCA regulatory requirements, however this is for domestic transactions only and as such are out of scope of this mandate.
If you’re based in the EEA and/or UK and process payments for customers in these countries, you should ensure you’re following our Strong Customer Authentication compliance guide.
It includes all the information you’ll need to follow SCA requirements, understand what transactions are out of scope, the exemptions you can use, and impacts on different business scenarios.