The Signicat Blog

Payments and data regulation: The race to compliance with PSD2

There are different ways to meet SCA regulation—providers need to balance security and the user experience. There are worries that poor SCA solutions will cost merchants billions in abandoned transactions. But that doesn’t need to be the case, as Signicat's SCA solution fulfils security needs and regulatory demands without compromising great user experience.

What is Strong Customer Authentication?

PSD2 regulation took effect in January 2018, aiming to enhance consumer rights and reduce rampant online fraud.

A key element of PSD2 is the introduction of Strong Customer Authentication (SCA). To help prevent fraud, all financial transactions involving EU participants are required to have 2-factor authentication unless specifically exempted.

The deadline for SCA has been subject to numerous delays, but for most of Europe the end of 2020 is a final deadline, with an extension already ruled out.

"Consumers are becoming accustomed to the convenience of literally everything being just a couple of clicks away, in an app. But compliance vs. user experience doesn't need to be a tradeoff."


What meets SCA requirements?

The payment journey is changing. To stay on the right side of the law, providers must now use two independent sources of validation, commonly known as 2-factor authentication (2-FA), as PSD2 requires. A password or PIN alone is no longer enough.

SCA requires authentication to use at least two of the following three independent elements:

  • Something the customer knows – e.g. a PIN-code
  • Something the customer has – e.g. mobile device or credit card
  • Something the customer is – e.g. biometric fingerprint or face-ID

In addition to secure authentication, dynamic linking is required. Dynamic linking means that the payer has visibility of the amount, payee and context of the payment at the time of authorisation. This information needs to be securely transmitted between the company and its customers.

There are some exemptions for specific types and sizes of payments. All other payments require 2-FA and dynamic linking. Payments that do not meet PSD2 security criteria will be declined. Most card payments and all bank transfers require SCA.

How Signicat meets SCA requirements

Signicat brings authentication and secure communication to mobile. The SDK from Signicat ensures businesses deliver a seamless and secure digital in-app experience across all service channels, providing a consistent single view of your customer. Transactions can be initiated in any channel and authorised conveniently on the customer’s own mobile device.

There is much more than meets the eye in Signicat’s layered security approach, which we call the “security onion”: we detect, defend against and react to all types of threats that might otherwise put a valuable transaction at risk. To achieve this, we continuously add new and advanced security technology layers to our SCA solution.

Signicat's SCA solution is trusted by major regulated institutions across Europe and has won numerous industry awards.