REDUCE FRICTION and COMPLY WITH PSD2 SCA

Our solutions help ensure compliance with PSD2 SCA, reduce abandonment, and improve control

Fast, frictionless, FIDO-secured payment processing with an easy API. Open source. Flat fees.

What is PSD2 Strong Customer AuthenticatIon (SCA)?

The European Union’s Revised Payment Services Directive (PSD2) is legislation meant to regulate payment services and increase competition within the European Union. PSD2 went into full effect in September 2019.

PSD2 Secure Customer Authentication (SCA) is a set of provisions protecting consumers within the EU. The requirement for SCA within PSD2 only became officially mandated in December of 2020. The PSD2 SCA provision specifically requires authentication using at least two of the following three factors:

• Knowledge: Something the cardholder knows, such as a password or PIN
• Possession: Something the cardholder has, such as a token or mobile phone
• Inherence: Something the cardholder is, such as a fingerprint or facial recognition

PSD2 SCA also requires dynamic linking, or tying the authentication tokens to the specific payment amount and payee. This provision requires the relying party to:

• Verify the transmission of data with strong authentication
• Guarantee the confidentiality and integrity of the transmission
• Enable the cardholder to see the data and its authorization

Complying with PSD2 SCA requires verifying at least two methods of authentication. The FIDO protocol enables issuers, merchants and payment service providers (PSPs) to comply with SCA.

HOW DOES STRONGKEY HELP WITH PSD2 SCA?

Reduce Friction

FIDO passwordless authentication offers a method of single-gesture two-factor authentication for a frictionless and fast authentication experience that meets PSD2 SCA requirements and integrates with EMVCo's 3DS2

Lower Costs

StrongKey's open source software has no per-user or per-transaction fees, reducing the cost of development, integration, and operations

Reduce Fraud

StrongKey’s FIDO® Certified FIDO2 Server simplifies the integration of SCA to eliminate phishing breaches and reduce transaction fraud

Compliance and Control

StrongKey enables merchants to maintain control over the authentication user experience StrongKey while enabling compliance with PSD2 SCA, FIPS 140-2, GDPR, CCPA, PCI DSS, and HIPAA

FIDO IS THE BEST MFA METHOD FOR SCA

WHAT IS STRONG CUSTOMER AUTHENTICATION FOR PSD2?
PCI DSS Requirement 6:
Develop and maintain secure systems and applications
  • We provide standard FIPS 140-2 Level-2 certified cryptographic hardware module, or optional FIPS 140-2 Level-3 certified hardware module for the strongest key management from an open-source solution.
  • Standard FIPS 140-2 Level-1 certified cryptographic software interacting with cryptographic hardware
  • Automatic key rotation for protecting cardholder data (CHD) while your applications continue to service applications, non-stop
PCI DSS Requirement 3:
Protect stored cardholder data
  • We encrypt and tokenize sensitive card-holder data, enabling you to meet PCI DSS sensitive data handling requirements.
  • Keep your core cryptographic keys secret with FIPS 140-2 Level certified cryptographic modules; “M of N” Key Custodian control of hardware-protected keys.

HOW DOES FIDO COMPLY WITH THE PSD2 SCA REQUIREMENT?

REQUIREMENT — POSSESSION
FIDO — Authenticator with private key
REQUIREMENT — KNOWLEDGE
FIDO — PIN
REQUIREMENT — INHERENCE
FIDO — Biometrics
REQUIREMENT — AUTHENTICATION CODE
The signed response
REQUIREMENT — DYNAMIC LINKING
Authenticator signs the hash — challenge, amount, and payee