PSD2: How Strong Customer Authentication Is Reshaping Digital Payments

May 3, 2022
Woman looking into a phone, PSD2 text surrounded by EU stars, blurry city background

The introduction and implementation of SCA has made it clear that certain authentication factors no longer cut it in terms of security. Here’s how your business can benefit from embracing SCA requirements.

In September 2019, new requirements for authenticating online payments were introduced in Europe as a key part of the second Payment Services Directive (PSD2). These requirements are now known as the Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA).

As is described by the European Commision, “The SCA requirement makes it easier and safer for consumers to pay for goods and services online and helps fight fraud.”

Across the EU, gradual enforcement of SCA rules began on January 1, 2021. Since then, countries within the EEA have been working to implement individual enforcement timelines, with many countries putting full enforcement of SCA requirements into action during the course of spring and summer of 2021. As of last month, SCA rules have also come into force in the UK and Switzerland.

SCA rules enforcement table with 8 EU countries in 2021 and 2022
Image Credits: Stripe

With today’s SCA rules in place, businesses and customers both have active roles to play to meet the requirements.

What Does SCA Mean for Businesses?

A portion of businesses were already meeting SCA requirements prior to the legislation being fully enforced. For those that aren’t yet compliant, it’s necessary for them to add a method for meeting Strong Customer Authentication (SCA) to their checkout process. For payment service providers, this means that the proper steps need to be taken in order for applications to meet SCA requirements (more on that below).

Here are several benefits that businesses can reap by leaning into SCA requirements:

  • Reduced instances of financial fraud and better account security
  • Standardization throughout the market which, in turn, results in better user experience
  • Enabling a dependable standard for third-party providers
  • Reduced solution costs as a result of standardization
  • Boosted levels of customer trust

What Does SCA Mean for Customers?

Strong Customer Authentication requirements are applied to millions of daily transactions that customers make both online and using mobile apps. When carrying out a transaction using SCA, customers are required to provide two separate forms of identification. These can be taken from several factors of verification: what you know, what you have, and what you are.

The graphic below maps out some of the options for each authentication factor — these are the options for businesses to add to their applications and for customers to provide while making transactions.

Table with authentication factors explained, three columns, Wultra logo, black background

The introduction and implementation of PSD2 and SCA have also made it clear that certain authentication factors will no longer cut it in terms of security. For example, the requirements laid out by PSD2 have uncovered certain issues related to the SMS OTP method as a form of two-factor authentication in financial services.

An increased awareness around secure authentication methods has motivated banks and financial institutions to move away from outdated forms of authentication and to embrace the more security-centered options required by modern compliance frameworks including SCA.

Wultra’s Solutions for Achieving Strong Customer Authentication

We’re big advocates of achieving and maintaining regulatory compliance. It’s part of what makes our solutions stand out from the crowd, and it’s what we pride ourselves on when working with clients to secure their applications.

For businesses looking to step up their approach to SCA, our comprehensive passwordless authentication solution deliver fast, convenient, and secure access to your digital applications while meeting the strictest regulatory requirements.

Make PSD2 Compliance a Breeze

Fast, convenient payments are a must-have for modern banking services, as today’s tech-savvy customers are ever more demanding. At the same time, both security and regulatory compliance must not be compromised. With Mobile Token, you can make sign-ins and transaction approvals smooth while meeting the PSD2 requirements on SCA. Our solutions allow you to approach Strong Customer Authentication requirements with confidence while keeping the positive experience of your customers at the core of your business’ day-to-day operations.

Related articles


get in touch

Consider partnering with Wultra to meet compliance standards, deliver a secure and seamless user experience, and deliver additional value to your customers while improving your bottom line.

Ondřej kupka
Picture of Account Executive Ondrej Kupka
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.