Strong Customer Authentication is a requirement rolled out across Europe by the EU Revised Directive on Payment Services (PSD2).
It requires a multi-factor authentication for electronic payments in order to increase its security and prevent fraud. This can be something the customer knows (password/pin), something the customer has (phone/hardware token) or something the customer is (fingerprint or face recognition).
In the UK it will be enforced over the course of 2021.
When you initiate a payment in tomato pay you are being redirected to your banking app where you will most likely need to perform SCA to complete the payment giving you further protection.