Understanding PSD2 RTS SCA Compliance

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Regulatory compliance related to Strong Customer Authentication (SCA) can be one of the most demanding tasks for any Payment Service Provider (PSP), yet it is nonetheless required. It should be done during the signup process of new customers, but perhaps most importantly, when making payments.

This and other requirements come from the EU’s Payment Services Directive 2 (PSD2) Regulatory Technical Standards (RTS). The first requirement for authentication is to have two out of three authentication elements: possession, knowledge or inherence.

With the rise of smartphones, however, there are some additional requirements that have come into play. First, the PSP is required to use a separate secure execution environment through the software installed on the device and there should be mechanisms to ensure that the software or device has not been altered by the payer or third party.

In our eyes, the PSD2 background serves as a wish to open the payment market up in the same way that European mobile phone markets opened throughout the 1990s. And we believe the PSD2 does increase the European payment market’s competitiveness. However, it is also important to note that by opening the market up to new technology, the market also becomes more susceptible to new types of crime and fraud.

Read the full article at okaythis.com/blog.

Who is Okay?

Okay is the fully PSD2 compliant Strong Customer Authentication platform that provides transaction and authentication security to apps, shielding the entire authentication process from any threats. We help all issuers, remittance services, and e-wallet providers comply with PSD2’s SCA requirements to deliver multiple authentication methods, including biometrics and strong security mechanisms at the point of transaction. Want to get to know us better? Visit okaythis.com.

More To Explore