REDUCE FRICTION AND COMPLY WITH PSD2 SCA
Our solutions help ensure compliance with PSD2 SCA, reduce abandonment, and improve control
What is PSD2 Strong Customer Authentication (SCA)?
PSD2 Strong Customer Authentication (SCA) is a set of provisions protecting consumers within the EU. The requirement for SCA within PSD2 only became officially mandated in December of 2020. The PSD2 SCA provision specifically requires authentication using at least two of the following three factors:
• Knowledge: Something the cardholder knows, such as a password or PIN
• Possession: Something the cardholder has, such as a token or mobile phone
• Inherence: Something the cardholder is, such as a fingerprint or facial recognition
PSD2 SCA also requires dynamic linking, or tying the authentication tokens to the specific payment amount and payee. This provision requires the relying party to:
• Verify the transmission of data with strong authentication
• Guarantee the confidentiality and integrity of the transmission
• Enable the cardholder to see the data and its authorization
Complying with PSD2 SCA requires verifying at least two methods of authentication. The FIDO protocol enables issuers, merchants and payment service providers (PSPs) to comply with SCA.
HOW DOES STRONGKEY HELP WITH PSD2 SCA?
FIDO IS THE BEST MFA METHOD FOR SCA
Develop and maintain secure systems and applications
- We provide a standard FIPS 140-2 Level-2 certified cryptographic hardware module, or an optional FIPS 140-2 Level-3 certified hardware module, for the strongest key management from an open-source solution.
- Standard FIPS 140-2 Level-1 certified cryptographic software interacting with cryptographic hardware
- Automatic key rotation for protecting cardholder data (CHD) while your applications continue to service applications, non-stop
Protect stored cardholder data
- We encrypt and tokenize sensitive cardholder data, enabling you to meet PCI DSS sensitive data handling requirements.
- Keep your core cryptographic keys secret with FIPS 140-2 Level certified cryptographic modules; “M of N” Key Custodian control of hardware-protected keys.
HOW DOES FIDO COMPLY WITH THE PSD2 SCA REQUIREMENT?
FIDO — Authenticator with private key
FIDO — PIN
FIDO — Biometrics
The signed response
Authenticator signs the hash — challenge, amount, and payee
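
The dynamic linking described above, where the authenticator signs a hash of the challenge, amount, and payee, is sketched below as an added example; it is not StrongKey's code and not the WebAuthn wire format. The function names, the length-prefixed encoding, the in-memory challenge store, and the sample payment values are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a registered FIDO authenticator key pair.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Relying party's record: challenge -> the transaction it was issued for.
const pending = new Map();

// Length-prefix each field so "10" + "0EUR" cannot collide with "100" + "EUR".
function transactionHash({ challenge, amount, currency, payee }) {
  const h = crypto.createHash('sha256');
  for (const field of [challenge, amount, currency, payee]) {
    const bytes = Buffer.from(String(field), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    h.update(len).update(bytes);
  }
  return h.digest();
}

// Relying party: issue a fresh challenge bound to one amount and payee.
function startPayment(amount, currency, payee) {
  const tx = { challenge: crypto.randomBytes(32).toString('hex'), amount, currency, payee };
  pending.set(tx.challenge, { ...tx });
  return tx;
}

// Authenticator: sign the hash of the transaction the cardholder was shown.
function authenticatorSign(shownTx) {
  return crypto.sign('sha256', transactionHash(shownTx), privateKey);
}

// Relying party: verify against its own record, never the client's copy.
function verifyPayment(challenge, signature) {
  const tx = pending.get(challenge);
  if (!tx) return false;       // unknown or already consumed challenge
  pending.delete(challenge);   // single use, even when verification fails
  return crypto.verify('sha256', transactionHash(tx), publicKey, signature);
}
```

Because the relying party recomputes the hash from its stored amount and payee, a signature produced over any other amount or payee fails verification, and a consumed challenge cannot be replayed.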