What is SCA and why is it needed?
As a payment institution, Holvi is acting in the highly regulated field of financial services and therefore changes in legislations and regulations apply to us.
The Second Payment Services Directive 2 (PSD2) is a set of regulations enforced on 13 January 2018, applying to all financial services within the European Union and its effects are being enforced gradually.
The directive aims to:
- Enhance security through new requirements for Strong Customer Authentication (SCA)
- Promote competition through creating new third-party service providers, thus increasing the range of services available to consumers
- Enable these third-party access to account information with the users consent, providing a framework for new payment and account services
For the technical nature of the directive, PSD2 mandated the European Commission to give further technical standards on some issues regulated in the directive. These standards are known as the Regulatory Technical Standards (RTS). Enforceable on 14.9.2019, these standards emphasise payment security by requiring Strong Customer Authentication (SCA). Stronger requirements for customer authentication were enacted to make online payments more secure by protecting the confidentiality of the authentication data.
What does Strong Customer Authentication mean in practice?
The new legislation (PSD2) and it’s technical standards (RTS) emphasise payment security through Strong Customer Authentication (SCA). Increased requirements for financial service providers ensure it’s you accessing your account or making a payment.
In practice, SCA involves the use of two or more of the following elements, which meet the criteria for strong authentication:
- knowledge (something that only the user knows),
- possession (something that only the user possesses)
- inherence (something that user is)
When must Strong Customer Authentication be used?
SCA is required when you:
(1) access your payment account online;
(2) initiate an electronic payment transaction;
(3) carry out any action through a remote channel which may imply a risk of payment fraud or other abuses.
How will the SCA affect me and what should I do?
Starting at 14.09.19 you should use SCA when:
You login to your account
In case you can not remember your password, please reset it here.
We advice you to go through SCA with the help of the free Holvi mobile application. With the app, you can authenticate your logins and payments with a passcode, fingerprint or facial recognition.
The Holvi Mobile App is free and available for both Android and iOS.
The app will be connected to your Holvi profile with an SMS – Please make sure that your registered phone number at Holvi is up-to-date!
Please Note: For security reasons, a maximum of 5 devices can be connected to your Holvi account.
What if I am not able to install the Holvi App?
As a digital payment service provider we continuously aim to improve and expand our mobile services. For this reason, our Holvi Mobile App is not only used as a fast and secure way to log in to your account and verify payments as part of the strong customer authentication (SCA), but it is also a key part of our product and required to use your Holvi account.
If you are not able to install and use the Holvi Mobile App, you are unfortunately unable to open an account. You can continue opening the account once you are able to use the Holvi Mobile App.