Strong customer authentication has arrived

On 14 September, as part of the Payment Services Directive 2 (PSD2) entering into force, strong customer authentication (SCA) will be introduced in Hungary.

Szilvia Egri
strategic analyst
FinTech Group Kft. and
Azonnali Fizetés
Szolgáltató Centrum

This will entail changes in e-commerce, and the two-factor authentication of transactions will change the process of online payment for consumers. Currently the process of card payment consists of two steps: allowing the payment to go ahead and debiting the account behind the card. With SCA a third step is added, authentication, which seeks to strengthen transaction security.

On 21 June 2019 the European Banking Authority (EBA) gave an opinion on the elements of SCA.

1. Inherence – biological characteristics of the user: EBA mentions fingerprint check, voice identification, vein scanning, hand and facial analysis, etc. that can be used to identify the customer.

2. Possession-based factors: Possession doesn’t only refer to physical possession, but may also refer to virtual things (e.g. an app downloaded). Some of the possession-based factors approved by EBA are the following: the generation of a one-time password (OTP), whether generated by a piece of software or by hardware, a card or device authenticated by a QR code reader, etc.

3. Knowledge-based authentication factors: a password, a PIN, knowledge-based responses to challenges or questions, a passphrase or a memorised swiping path.