What is SCA and why is it needed?
The Second Payment Services Directive (PSD2) is a set of regulations enforced on 13 January 2018. It applies to all financial services within the European Union, and its effects are being enforced gradually.
The directive aims to:
- Enhance security through new requirements for Strong Customer Authentication (SCA)
- Promote competition through creating new third-party service providers, thus increasing the range of services available to consumers
- Enable these third parties to access account information with the user's consent, providing a framework for new payment and account services
Because of the technical nature of the directive, PSD2 mandated the European Commission to issue further technical standards on some issues regulated in the directive. These standards are known as the Regulatory Technical Standards (RTS). Enforceable on 14.9.2019, these standards emphasise payment security by requiring Strong Customer Authentication (SCA).
Stronger requirements for customer authentication were enacted to make online payments more secure by protecting the confidentiality of the authentication data.
What does Strong Customer Authentication mean in practice?
The new legislation (PSD2) and its technical standards (RTS) emphasise payment security through Strong Customer Authentication (SCA). Increased requirements for financial service providers ensure it's you accessing your account or making a payment.
In practice, SCA involves the use of two or more of the following elements, which meet the criteria for strong authentication:
- knowledge (something that only the user knows),
- possession (something that only the user possesses), and
- inherence (something that the user is).
When must Strong Customer Authentication be used?
SCA is required when you:
(1) access your payment account online;
(2) initiate an electronic payment transaction;
(3) carry out any action through a remote channel which may imply a risk of payment fraud or other abuses.
How will Holvi follow the regulation and keep our customer payments safe?
Throughout September, Holvi will implement the required changes to support Strong Customer Authentication. The SCA process will be done with the help of the free Holvi mobile application. With the app, customers can authenticate their logins and payments with a passcode, fingerprint or facial recognition.
To ensure smooth and secure access to their payment accounts, all customers are asked to install the Holvi App as soon as possible. The App is free and available for both Android and iOS.
What if I am not able to install the Holvi App?
You might not be able to install the Holvi App due to location restrictions or the version of the operating system on your phone. In this case, Holvi will offer an alternative SCA method using a time-based one-time password (TOTP) application, Google Authenticator.
Google Authenticator is a software-based authenticator that implements two-step verification services using time-based authentication algorithms to ensure safe mobile authentication.
In practice, this will involve entering a one-time passcode (OTP) that will be delivered to your mobile device, triggered by a login or a payment. This combination verifies that when entering login data to our site you are actually in possession of the device to which the Google Authenticator app is downloaded.
At Holvi, we will inform our customers on how to set up the TOTP application to connect to their Holvi account.