What is strong customer authentication (SCA)?
Strong customer authentication is a security requirement under the EU Payment Services Directive (PSD2) that aims to reduce the risk of fraud and increase the security of online payment transactions. It requires financial institutions (FIs) to use at least two independent authentication methods to verify the customer's identity when they make an online payment.
The factors fall into three categories: something the customer knows (such as a password), something the customer has (such as a phone or a security token), and something the customer is (such as a fingerprint).
Read more about PSD2
Why is strong customer authentication important?
By using multiple forms of authentication, SCA makes it more difficult for fraudsters to impersonate the customer and complete a fraudulent transaction. This helps protect both FIs and customers from fraud's costly and disruptive effects. SCA is also important for ensuring compliance with regulatory requirements and maintaining the trust of customers in the online payment process.
Challenges of implementing strong customer authentication
While strong customer authentication is an important measure for fraud detection in banking and for ensuring compliance, it can also present some challenges for FIs, such as:
- Compatibility with existing systems: SCA may require FIs to change their existing systems and processes to support the use of multiple authentication methods.
- Complexity for customers: Multiple authentication methods can add extra steps to the payment process, which some customers may perceive as complex or inconvenient.
- Integration with third-party services: If a merchant uses third-party payment or billing services, they may need to ensure that these services are compatible with SCA and can support the required authentication methods.
To address these challenges, FIs may need to invest in new technology or work closely with their digital banking and payment service providers to ensure a smooth transition to SCA.
Three reasons why digital banking is on the rise with SCA
Digital banking is on the rise with the implementation of strong customer authentication because:
- Increased security: SCA provides a high level of security for online payments, reducing the risk of fraud and unauthorized transactions, which makes customers feel more secure about using digital banking services.
- Convenience: With the widespread adoption of mobile devices and the internet, digital banking offers customers the convenience of being able to manage their finances from anywhere, at any time.
- Better user experience: Digital banking platforms can provide a more intuitive and user-friendly experience, with real-time notifications and budget tracking features.
Overall, implementing SCA in digital banking helps build trust in the security of online payments, making digital banking an increasingly popular choice for customers.
Also, you can find more information about SCA for online payment.
Meeting the needs of FIs
Numerous digital channels and mass adoption of mobile banking mean FIs are facing a dramatic increase in cyber-attacks.
Phishing, account takeover and social engineering are just a few of the ways in which fraudsters constantly challenge security measures.
It’s hard work to stay ahead while maintaining a seamless user experience.
Yet ensuring the best UX is vital.
FIs must reduce friction for their customers and offer a convenient and secure digital banking experience while making sure they comply with the latest security regulations, such as PSD2 in the EU.
FIs worldwide have relied on Thales’ security solutions for decades to protect access to their digital services. Our wide range of server- and client-based solutions for digital banking meets FIs’ security, functional and regulatory needs and allows them to protect their customers and provide them with a convenient user experience when accessing services.
We now offer our strong customer authentication (SCA) solution as a cloud-based managed service. With Gemalto IdCloud for Access, we can provide the same security and convenience for your digital services much faster, more flexibly and cost-efficiently while also adding risk management services for increased security and usability through risk-based authentication (RBA).
Best-in-class components
Our offer of cloud-based security services for financial institutions includes:
Authentication server
Thales Gemalto Confirm Authentication Server (CAS) is the heart of the world’s most versatile, scalable, and secure authentication solution dedicated to protecting digital banking with multi-factor authentication (MFA).
Mobile biometric authentication
Thales Gemalto Mobile Protector SDK integrates into the financial institution mobile applications to provide application hardening and API access to the backend components of Gemalto IdCloud. It also combines facial and fingerprint biometrics natively supported by the mobile device.
Out-of-Band mobile authentication
Thales Gemalto Mobile Secure Messenger is an out-of-band server and a mobile SDK allowing FIs to turn any smartphone into a universal key, unlocking access to all banking channels and digital services.
Answering a growing market demand
Gemalto IdCloud for Access meets the needs of agile, fast-paced neobanks and fintechs that work with short timelines and limited resources. We can deliver fully functional SCA services integrated with your digital services and mobile applications in weeks rather than months.
- For some, cost efficiency is the main driver for adopting cloud services.
- For others, it's an opportunity to become more agile and scalable.
Regardless of your aims, we help you improve time to market for secure implementation and deployment of new services, which is critical to compete in this digital age.
Risk management to recognise your 'good' users
Risk management services are at the heart of our cloud platform to secure and enhance access to digital banking services. They allow FIs to assess every online banking session in real-time to evaluate the risk, select the most appropriate authentication method, and then allow the transaction, block the transaction or challenge the customer with a step-up authentication.
All of this runs unobtrusively in the background to provide the best end-user experience. This is called risk-based authentication (RBA).
The technologies used for RBA harness the power of four layers of intelligence. Each layer analyses anomalous activities from different perspectives to identify high-risk ones before any damage occurs.
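The decision flow described above (score the session, then allow, block or step up) is easiest to see in code. The following is an added illustration, not Gemalto IdCloud's risk engine: it scores a constructed session on a handful of assumed signals with assumed weights and thresholds, maps the score to the three RBA outcomes, and, for the step-up case, checks the SCA rule from the top of the page that the factors must come from two different categories (knowledge, possession, inherence). Signal names, weights and thresholds are all assumptions for the example.

```python
"""Risk-based authentication (RBA) decision flow, as a worked example.

Hypothetical toy engine, not Gemalto IdCloud's logic. It scores one login or
payment session on a few constructed signals, returns ALLOW, STEP_UP or BLOCK,
and checks that a step-up satisfies SCA's "two independent factors" rule.
"""
from dataclasses import dataclass

# Factor categories named in the SCA definition (assumed factor names).
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "otp_token": "possession",
    "registered_phone": "possession",
    "fingerprint": "inherence",
    "face": "inherence",
}


@dataclass
class Session:
    user: str
    device_known: bool            # device fingerprint seen before for this user
    country: str                  # geolocated country of this session
    home_country: str             # country the user normally connects from
    failed_logins_last_hour: int
    amount_eur: float = 0.0       # 0 for a pure login, > 0 for a payment
    new_payee: bool = False       # payee never paid before by this user


# Assumed weights: each signal adds a fixed score when triggered.
SIGNAL_WEIGHTS = {
    "unknown_device": 30,
    "foreign_country": 25,
    "failed_logins": 20,      # applied when >= 3 failures in the last hour
    "high_amount": 25,        # applied when amount >= 1000 EUR
    "new_payee": 15,
}

STEP_UP_THRESHOLD = 30        # assumed
BLOCK_THRESHOLD = 80          # assumed


def score_session(s: Session) -> tuple[int, list[str]]:
    """Return (risk score, triggered signal names) for one session."""
    triggered = []
    if not s.device_known:
        triggered.append("unknown_device")
    if s.country != s.home_country:
        triggered.append("foreign_country")
    if s.failed_logins_last_hour >= 3:
        triggered.append("failed_logins")
    if s.amount_eur >= 1000:
        triggered.append("high_amount")
    if s.new_payee:
        triggered.append("new_payee")
    return sum(SIGNAL_WEIGHTS[t] for t in triggered), triggered


def decide(s: Session) -> str:
    """Map the score to the three RBA outcomes: allow, step up, or block."""
    score, _ = score_session(s)
    if score >= BLOCK_THRESHOLD:
        return "BLOCK"
    if score >= STEP_UP_THRESHOLD:
        return "STEP_UP"
    return "ALLOW"


def sca_satisfied(factors: list[str]) -> bool:
    """True when the factors cover at least two *different* SCA categories.

    Two factors from one category (e.g. password + PIN) are not SCA, so the
    check is on the set of categories, not on the number of factors.
    """
    categories = {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2


# Constructed sample sessions (not real customer data).
SAMPLES = {
    "routine_login": Session("alice", True, "FR", "FR", 0),
    "new_phone_payment": Session("alice", False, "FR", "FR", 0, amount_eur=250.0),
    "abroad_large_new_payee": Session("alice", False, "BR", "FR", 4, 5000.0, True),
}

if __name__ == "__main__":
    for name, sess in SAMPLES.items():
        score, signals = score_session(sess)
        print(f"{name:24s} score={score:3d} {signals} -> {decide(sess)}")
    print("password + PIN is SCA?      ", sca_satisfied(["password", "pin"]))
    print("password + OTP token is SCA?", sca_satisfied(["password", "otp_token"]))
```

A routine login from a known device scores 0 and is allowed silently; the same user paying from an unseen phone crosses the step-up threshold and must present a second factor; a large payment to a new payee from another country after repeated failures is blocked outright. The point of `sca_satisfied` is the independence rule: the step-up must add a factor from a different category than the one already used.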
Learn more about our cloud-based risk management services here.
A smooth transition from OATH to FIDO Passkeys
Most financial institutions (FIs) implementing Strong Customer Authentication (SCA) use OATH technology.
The next step in the evolution of digital banking authentication is FIDO and passkeys.
Embedded platform authenticators will greatly improve the user experience, and a passwordless future is within reach. We are certain that FIDO will replace OATH as the de facto standard.
This means that FIs have to make another technological migration. Gemalto IdCloud supports both technologies and is FIDO2 certified, plus we have the experience to help with these migrations.
We understand the importance of ensuring continuity of service and preventing any disruption or friction for end users.
As mentioned above, we advise further enhancing security by adding RBA during this migration.
Regulatory compliance and security certifications
Gemalto IdCloud is the perfect answer to the new security requirements of regulations such as PSD2 and FFIEC. It enables FIs to meet the PSD2 requirements for SCA and dynamic linking and to offer real-time monitoring of the authentication and transaction process risk, as required by the regulatory technical standards (RTSs) of PSD2.
Complex security policies can be defined, based on the level of risk, the type of transaction and the user profile, as the FFIEC recommends. It also helps you to meet the requirement for stronger risk management to fight the increasing number of cyber-attacks and growing levels of fraud.
Data privacy regulations such as the GDPR in Europe and CCPA in the US are becoming more stringent. These can be a real challenge to comply with if data has to be processed by several different vendors for risk assessment. Gemalto IdCloud has been designed to be GDPR and CCPA-compliant.
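Two of the mechanisms named on this page, OATH one-time passwords (the technology most FIs use for SCA) and PSD2 dynamic linking (the authentication code is tied to the amount and payee of the specific transaction), can be shown side by side. The block below is an added example and not Gemalto IdCloud code. The `hotp` function is the standard RFC 4226 algorithm and is checked against the test vectors published in that RFC; the dynamic-linking construction around it is an assumed one for illustration, in which the HOTP "counter" is derived from a hash of the canonical amount and payee IBAN, so that a code shown for one transaction does not verify for an altered one. The seed value and IBAN are constructed sample data.

```python
"""OATH HOTP (RFC 4226) beside a PSD2 dynamic-linking code, as a worked example.

Added illustration, not Gemalto IdCloud code. `hotp` is the standard RFC 4226
algorithm; `transaction_challenge` is an ASSUMED dynamic-linking construction
that binds the code to the amount and payee of one transaction.
"""
import hashlib
import hmac
import struct
from decimal import Decimal


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then reduce to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def transaction_challenge(amount: Decimal, payee_iban: str) -> int:
    """Assumed dynamic-linking step: canonicalise amount and payee (two
    decimals, IBAN without spaces, upper case), hash them, and use the first
    64 bits of the digest as the HOTP counter value."""
    canonical = f"{amount.quantize(Decimal('0.01'))}|{payee_iban.replace(' ', '').upper()}"
    digest = hashlib.sha256(canonical.encode()).digest()
    return struct.unpack(">Q", digest[:8])[0]


def signing_code(secret: bytes, amount: Decimal, payee_iban: str) -> str:
    """Code the customer's device displays for *this* transaction only."""
    return hotp(secret, transaction_challenge(amount, payee_iban))


def verify_transaction(secret: bytes, amount: Decimal, payee_iban: str, code: str) -> bool:
    """Server side: recompute the code from the transaction the bank is about
    to execute, not from what the client claims it signed. The constant-time
    comparison avoids leaking how many digits matched."""
    expected = signing_code(secret, amount, payee_iban)
    return hmac.compare_digest(expected, code)


# RFC 4226 Appendix D test secret and the first three expected HOTP values.
RFC_SECRET = b"12345678901234567890"
RFC_VECTORS = {0: "755224", 1: "287082", 2: "359152"}

# Constructed sample seed shared between bank and device (not a real key).
SAMPLE_SEED = bytes.fromhex("0011223344556677889900aabbccddeeff00112233")
SAMPLE_IBAN = "DE89 3704 0044 0532 0130 00"   # constructed example IBAN

if __name__ == "__main__":
    for counter, expected in RFC_VECTORS.items():
        assert hotp(RFC_SECRET, counter) == expected
    code = signing_code(SAMPLE_SEED, Decimal("150.00"), SAMPLE_IBAN)
    print("code shown to customer:  ", code)
    print("same transaction verifies:", verify_transaction(SAMPLE_SEED, Decimal("150.00"), SAMPLE_IBAN, code))
    # If the amount were modified in transit, the same code no longer matches.
    print("modified amount verifies: ", verify_transaction(SAMPLE_SEED, Decimal("1500.00"), SAMPLE_IBAN, code))
```

The verification function deliberately takes the amount and payee from the server's own view of the pending transaction; recomputing from client-supplied fields would void the dynamic-linking guarantee. The canonicalisation step matters too: "150" and "150.00", or an IBAN with and without spaces, must produce the same code or legitimate payments will be rejected.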
OTP authentication and signature devices
Even if most users today rely on their mobile phones to access and authenticate digital banking services, certain groups of users or specific use cases may require a physical one-time password (OTP) token or authentication device. We have a wide range of connected and unconnected devices that effectively meet the multi-factor authentication security requirements for 'something you know' and 'something you have'.
One cloud platform to secure onboarding and access to digital banking
Our cloud-based managed services enable FIs to combine identity-proofing and strong customer authentication to secure onboarding and digital banking access.
Risk management further increases security and enhances the customer experience with identity affirmation and risk-based authentication, all on a single platform.
The evolution of SCA leading up to FIDO Passkeys
In this four-part blog series, you can learn more about:
- The Evolution of Digital Banking Authentication
- The Digital Banking Revolution
- FIDO and Passkeys will rock the digital world
More resources on Strong Customer Authentication
- Thales Gemalto IdCloud
- Thales Gemalto IdCloud for Onboarding
- Risk management services with Gemalto IdCloud
- Thales Gemalto Confirm Authentication Server
- Thales Gemalto Mobile Authentication Suite
- OTP authentication and signature devices
- Understand the PSD2 regulation
- Neobank goes digital first with Gemalto IdCloud
Documents
Why is passwordless authentication the future for digital banking?
Check out this infographic to discover how passwordless authentication with passkey is the future of authentication.
Read our infographic on Passkeys
How to secure onboarding and access to digital banking services – with the customer experience in focus
A Gemalto IdCloud solution paper
Discover our solution paper
Thales Gemalto IdCloud
One cloud platform to secure the digital banking journey
Gemalto IdCloud [PDF - 1 MB]
Thales Gemalto IdCloud for Access
Cloud-based strong customer authentication and flexible risk management to secure access to digital banking services
Gemalto IdCloud for Access [PDF - 2 MB]
Understand PSD2 compliance and discover PSD2 solutions
Read our white papers to understand the latest implications of PSD2 for the banking and payment landscape in Europe.
Download the whitepapers