In the realm of PSD2, there is yet another three-letter abbreviation that is very important. SCA, or Strong Customer Authentication, is a cornerstone that allows open banking in the EU, and the whole PSD2 concept, to be brought into the real world. In this article, we will focus on why it is one of the most important PSD2 requirements and what exactly SCA is. So, let’s begin!
Introduction to SCA
Strong Customer Authentication is the core principle created to ensure the security and transparency of every transaction that happens digitally. PSD2 requirements clearly set out how a customer should be authenticated, and thus developers and banks have to follow the rules and ensure that their solutions are tamper-proof.
The factors which allow banks and TPPs (Third Party Providers) to identify and authenticate a transaction are inheritance, knowledge, and possession. Let’s look at them one by one.
Inheritance – seemingly impossible to hack, yet difficult to manage
Inheritance is the term given to information and data, related to the personal identification of an individual, that’s inherited. This is usually used to refer to biometric data, such as fingerprints, facial features, voice or eye recognition, etc. Most service providers employ only facial recognition and fingerprint scanners for authentication through inheritance. Storing and analyzing such data is very expensive, hence the current implementation is quite limited.
Possession – the connection between all three factors
Possession refers to a belonging that can be used for authentication. For the most part, when it comes to financial transactions this is usually a mobile phone or something like a password generator, given by the bank. This is something that’s given and owned by the person and is in their possession with authorized access and passwords to their bank services. It’s usually a device that’s used for password input or fingerprint scanning.
Knowledge – make sure to secure it
Knowledge is the data or information that only that person should be aware of. This refers to passwords or PIN codes. Even though they are meant to be secured and private, PINs and passwords are actually the easiest ones to hack and compromise. This is why authentication is done with any two out of the three factors, so compromising a password won’t automatically allow a hacker or cybercriminal to access your account.
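The two-out-of-three rule described above can be written as a small server-side check. This is an added example, not code from the article or from any bank: the Element type, the function names and the sample attempts are assumptions made for illustration, and the category names follow this article's wording.

```python
from dataclasses import dataclass

# Factor categories as named in this article.
CATEGORIES = {"knowledge", "possession", "inheritance"}


@dataclass(frozen=True)
class Element:
    """One authentication element presented during a login or payment (hypothetical type)."""
    category: str   # one of CATEGORIES
    kind: str       # e.g. "pin", "password", "phone", "fingerprint"
    verified: bool  # True only if the check for this element passed


def satisfied_categories(elements):
    """Return the distinct categories that have at least one verified element."""
    cats = set()
    for e in elements:
        if e.category not in CATEGORIES:
            raise ValueError(f"unknown factor category: {e.category!r}")
        if e.verified:
            cats.add(e.category)
    return cats


def sca_satisfied(elements, required=2):
    """True when verified elements cover at least `required` different categories."""
    return len(satisfied_categories(elements)) >= required


# Constructed sample attempts (illustrative only).
PASSWORD_AND_PIN = [            # two elements, but both are knowledge
    Element("knowledge", "password", True),
    Element("knowledge", "pin", True),
]
PASSWORD_AND_PHONE = [          # knowledge + possession
    Element("knowledge", "password", True),
    Element("possession", "phone", True),
]
STOLEN_PASSWORD_ONLY = [        # password is correct, phone check failed
    Element("knowledge", "password", True),
    Element("possession", "phone", False),
]

if __name__ == "__main__":
    for name, attempt in [("password+pin", PASSWORD_AND_PIN),
                          ("password+phone", PASSWORD_AND_PHONE),
                          ("stolen password", STOLEN_PASSWORD_ONLY)]:
        print(name, "->", "accept" if sca_satisfied(attempt) else "reject")
```

Counting categories rather than elements is the point: a password plus a PIN is still a single factor, and a correct password with a failed possession check is rejected.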
Is SCA really successful and what’s the future looking like?
SCA can be labeled as an advanced and very secure type of multi-factor authentication. It isn’t the most unique idea in the world, but it is definitely among the best-implemented ones.
Right now, SCA is the cornerstone that allows open banking to flourish under the new PSD2 requirements. Since around 90% of people in the EU own smartphones and have access to the internet, this concept is fully accessible to 90% of the EU population. We are at a time when this technology can be embraced and put to good use!
Story by Umair Marry