The 2nd European Payment Services Directive (PSD2), which comes into effect on 14 September 2019, is a set of changes that regulates electronic payments across the EU and consequently affects all involved parties (Payment Services Providers, Merchants, Consumers). PSD2 requires, among others, enhanced measures to improve the security level of electronic payments in order to further protect the user of payment services from potential fraud. Under this scope, a new requirement for Strong Customer’s Authentication (SCA) is introduced.
SCA requires authentication to use at least two of the following three elements:
- SOMETHING THE CUSTOMER KNOWS (e.g., password or PIN)
- SOMETHING THE CUSTOMER HAS (e.g., phone or hardware token or OTP)
- SOMETHING THE CUSTOMER IS (e.g., fingerprint or face recognition)