What’s Strong Customer Authentication?

Tech November 25, 2019

Harry

Since summer 2019, you might have noticed a stronger security presence when it comes to your mobile or online banking.

Maybe you received an email from your bank letting you know about measures they were adding to increase security?

When logging into mobile or online banking, you might have had to verify your phone number or email address, set up a key code (sometimes known as a passcode) or biometric (this is touch-ID or face-ID).

You’ve probably noticed you’re entering a One Time Passcode (OTP) more often than you were before.

Ever wondered why?

Well, it’s all because of PSD2 (or, to use its full name, the Revised Payment Services Directive) and Strong Customer Authentication (SCA).

What is PSD2?

To help protect consumers and enhance online security, in 2018 the European Union introduced a new series of checks and requirements for all online banking services.

This is called PSD2, and one of its main focuses is encouraging Strong Customer Authentication (SCA).

One of the major aims of PSD2 is improving security in online payments by emphasising SCA. Basically, being super, super sure that you and only you can access your money.

What is SCA?

The way SCA does this is through something called two-factor authentication (2FA). You’re probably already aware of this even if you don’t know it by that name. It’s for those situations where a username and password by themselves aren’t considered secure enough, so you need to add an extra layer of security.

Obvious examples of this are additional questions that only you would know, like “what’s my mother’s maiden name?”. A lot of financial institutions already have an SCA solution in place to secure online and mobile banking access, often with an OTP through SMS text messaging or email.

This has now evolved with the use of smartphones, and 2FA now includes biometric recognition or fingerprint activation.

What are the new SCA requirements?

SCA now requires banks and financial institutions to put in place multi-factor authentication for all transactions made online, on your mobile or in-app. So that’s things like transferring money, online shopping, setting up a standing order in-app or topping up a prepaid card.

This will need to be done by December 2020. However, the date does seem to move around a lot, so all companies affected are being advised to roll it out sooner rather than later.

Different banks and companies will have these checks at different points (some when you log into the app, some just before you make a transaction). Whenever you use them, this means you’ll need to set up two independent sources of validation to use with your online or mobile banking. This is done by a combination of two out of these three categories:

  • Something you know (e.g. PIN)
  • Something you have (e.g. card/phone)
  • Something you are (e.g. fingerprint)
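
The two-out-of-three rule above, as an added example that is not part of the original article or any bank's code: it counts the distinct categories among the checks that actually passed, so two elements from the same category count only once. The element names and their category mapping are assumptions made for illustration.

```python
# Added illustration. Element names and the category mapping are assumptions,
# not taken from the RTS text or from any provider's implementation.
from dataclasses import dataclass

KNOW, HAVE, ARE = "something you know", "something you have", "something you are"

# Assumed mapping of authentication elements to the three categories.
CATEGORY = {
    "pin": KNOW,
    "password": KNOW,
    "security_question": KNOW,
    "sms_otp": HAVE,        # shows control of the registered phone
    "card_reader": HAVE,
    "fingerprint": ARE,
    "face": ARE,
}

@dataclass(frozen=True)
class Element:
    kind: str       # a key of CATEGORY
    verified: bool  # True only if this check succeeded

def sca_decision(elements):
    """Return (ok, categories, reason) for one login or payment attempt."""
    unknown = sorted({e.kind for e in elements if e.kind not in CATEGORY})
    if unknown:
        # Fail closed on anything that cannot be classified.
        return False, set(), "unclassified element: " + ", ".join(unknown)
    # Only checks that passed contribute a category.
    cats = {CATEGORY[e.kind] for e in elements if e.verified}
    if len(cats) < 2:
        return False, cats, "fewer than two different categories verified"
    return True, cats, "ok"

if __name__ == "__main__":
    # Constructed sample attempts.
    attempts = {
        "password + security question": [Element("password", True),
                                         Element("security_question", True)],
        "PIN + SMS OTP": [Element("pin", True), Element("sms_otp", True)],
        "PIN + failed fingerprint": [Element("pin", True),
                                     Element("fingerprint", False)],
    }
    for name, elems in attempts.items():
        ok, cats, reason = sca_decision(elems)
        print(f"{name}: {'accept' if ok else 'reject'} ({reason})")
```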

And that’s SCA. If you’re interested in reading the original SCA requirements and really getting into the nitty gritty, they are set out in the Regulatory Technical Standards (RTS) here.

WeSwap account holder? Find out what SCA means for you by checking out our dedicated FAQ here.
