
SCA industry challenges

24/01/2020


When implementing Strong Customer Authentication (SCA), most organisations come across a number of challenges. Through discussions with different actors in the PSD2 SCA industry, some issues have emerged that are shared across the industry, regardless of company size or whether you are an incumbent or challenger bank.

We have put together a list of the 8 SCA challenges that we will be diving deeper into. Over the next 8 weeks, we will be dedicating one blog post per week to these challenges. 

Challenge 1 | SCA Security and 2FA

While it is easy to think that PSD2 and SCA boil down to second-factor authentication and dynamic linking, the fact is that the security requirements in the RTS reach further than that. There are strong requirements for security that protects not only the authentication itself but also the authentication process. This is an aspect of the RTS that tends to be overlooked, especially by the business-centric part of issuer organisations.
Read more about SCA Security and 2FA >>

Challenge 2 | The taxonomy of SCA mechanisms

There are many mechanisms at work throughout the SCA process. PC-smartphone authentication, low bandwidth, and other constraints are some of the elements that are causing headaches. Looking at the authentication path from an end-user perspective, we dive deeper into these elements and the challenges they pose.
Read more about the taxonomy of SCA mechanisms >>

Challenge 3 | SCA for low-tech phone users and fallbacks

Most people use smartphones with proper Internet access these days; however, some users will continue to use their low-tech phones, and bandwidth will be an issue from time to time for any user. The challenge of how to ensure RTS SCA compliance for low-tech phone users, or when the bandwidth fails, is something all issuers will have to face. Ensuring the user experience for these users is important even though they represent a small percentage of total users. But how do we solve these issues?
Read more about SCA for low-tech phone users >>

Challenge 4 | The mobile OS headache

A vast majority of mobile users do not have an updated OS on their phones. Either they neglect to perform the necessary updates or the manufacturer stops supporting OS updates on the device. This is a major issue, especially among Android users, and creates a permanent security risk. What implications does that have for SCA compliance, and which strategies would be best suited for managing security for this user base?
Read more about the mobile OS headache >>

Challenge 5 | Innovative malware attacks

Malware is probably the most innovative type of attack that SCA solutions should shield against. However, these types of attacks are hard to predict due to their innovative nature. How can we best predict where the next attack is coming from? And how can we neutralise these attacks?
Read more about innovative malware attacks >>

Challenge 6 | The cost of SCA integration

Implementing an SCA solution can be very costly. Some solutions might be costly by themselves, and then there is the cost of the actual implementation. It all adds up. Is it possible to take part of the cost out of the equation? And how can you cope with the potential SDK “spaghetti plate”?
Read more about the cost of SCA integration >>

Challenge 7 | Enrolment and re-enrolment

Enrolment and re-enrolment are critical stages in the SCA process. There are many ways to enrol or double-check the enrolment of a user, and this is critical to the security of the authentication. How can it be done? And how can it be done with a mobile-only solution?
Read more about SCA enrolment and re-enrolment >>

Challenge 8 | SCA for corporate transactions

SCA was designed to protect individuals. However, corporations wiring funds are more likely to be targeted by hackers. How can we protect a corporate transaction, from starting the transaction on a treasurer’s PC to approval on a CFO’s mobile phone on the move? Can it be done in a PSD2 SCA compliant way?
Read more about SCA for corporate transactions >>

These are the challenges we are facing each day, and that we are constantly working on handling in the Okay SCA solution. Are you facing any particular challenges? Please let us know.