SCA (Strong Customer Authentication)

Goals

Gain an understanding of SCA (strong customer authentication), a new security standard that the EU is implementing for banks and other financial services companies. This includes the baseline experience EU customers expect, how banks are implementing one-time passwords and security questions, and the other safeguards and approaches banking institutions are using to meet these new requirements.

Early Findings

  • According to one source, approximately 41% of European banks had failed to meet the guidelines by March 2019, likely leading to the extension.
  • The goal of Strong Customer Authentication (SCA) is “ensuring that payments across the EU are secure, easy and efficient.”
  • Many banks are working alongside merchants and vendors to help them navigate the shifts, and migrate to authentication practices that are compliant with SCA.
  • For example, JP Morgan is working closely with their European merchants to ensure they incorporate authentication practices that are compliant with SCA.
  • Digital banks are also updating their processes. For example, digital bank Monzo started asking users to prove their identity by entering their PIN, and using Face ID or Touch ID on an iPhone or their fingerprint on Android.
  • Merchants are incorporating at least two of the three following elements to meet SCA standards:
      a) “Something you know”, the KNOWLEDGE Element (e.g., password or PIN)
      b) “Something you have”, the POSSESSION Element (e.g., phone or hardware token)
      c) “Something you are”, the INHERENCE Element (e.g., fingerprint or face recognition). This element consists of measuring data related to the physical properties, physiological characteristics or behavioral processes of the body.
  • Some transactions are exempt; for example, card details collected over the phone and transactions below €30.
