Strong Authentication

Payment Service Providers (PSPs) are required to implement Strong Customer Authentication (SCA) whenever clients wish to:

  • Access their account online;
  • Make an electronic payment;
  • Carry out any remote action involving a potential risk of payment fraud or other abuses.

Strong Authentication requires the Payment Service Provider to ask the client for at least two authentication factors from the following categories:

  • Knowledge - Something the user knows (e.g. a password or PIN);
  • Possession - Something the user possesses (e.g. a one-time password, mobile phone, or payment card);
  • Inherence - Something inherent to the user (e.g. a fingerprint or facial recognition).

Both elements requested by the PSP must belong to different categories.