"Strong Customer Authentication"
"Strong" Customer Authentication typically seems to involve being sent an SMS authentication token to verify the transaction. This, despite the well known insecurity of SMS, and indeed recent advice from EUROPOL not to use it for sensitive transactions.
What's worse, many businesses are still unaware of the requirement or are still unable to support it, and the banks I've dealt with are extremely unhelpful - to the extent that one of my banks would not tell me what the required process was until I complained directly to the Chairman of the bank. The response from the complaints deflection department to my letter to the Chairman explained the process but rejected my complaint merely stating "you'll have to find another way to pay the supplier", So much for the service of storing my money.
Given the commonly inept and insecure implementation, I firmly believe SCA is really about liability transfer, not security.
Biting the hand that feeds IT
