An Overview of SCA Industry Challenges
First published: 06/01/2020
updated: 21/10/2022
Fabien Ignaccolo
When implementing Strong Customer Authentication (SCA), most organisations will have to face a variety of challenges. After discussions with different players across the PSD2 SCA landscape, we found that some of these challenges are far more uniform than others, regardless of company size or the type of bank. As a result, we have put together a list of the top 8 challenges related to SCA, and over the next 8 weeks we will dive deeper into them one at a time. Enjoy!
Challenge 1 | SCA Security and 2FA
While it is easy to think that PSD2 and SCA boil down to 2-factor authentication and dynamic linking, the security requirements in the RTS reach much further than that. There are strong requirements that protect not only the authentication elements themselves, but also the authentication process around them: the independence of the elements, the confidentiality and integrity of the credentials, and the binding of the authentication code to the amount and the payee. This is an aspect of the RTS that tends to be overlooked, especially by the business-centric part of issuer organisations.
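To make the dynamic-linking requirement concrete, here is an added example (written for this post, not code from the Okay product or from the RTS itself). It computes an authentication code that is specific to the amount and the payee, and verifies that a change to either of them invalidates the code. The HMAC key, the nonce and the transaction values are constructed for illustration; a real deployment would keep a per-device key in a secure element or keystore and have the server issue a fresh nonce per transaction.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed, fixed values for the example only (assumption: a per-device
# key provisioned at enrolment and a server-issued per-transaction nonce).
DEVICE_KEY = bytes.fromhex("5c1a3d9e7f0b2c4d6e8f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d")
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")


def canonical(amount, currency, payee):
    """Canonical byte string for the data the code must be linked to.

    Amount is normalised to two decimals so that "120.5" and "120.50"
    link to the same code; the separator is rejected inside fields so a
    payee string cannot shift the field boundaries.
    """
    amt = Decimal(str(amount)).quantize(Decimal("0.01"))
    for field in (currency, payee):
        if "|" in field or "\n" in field:
            raise ValueError("illegal character in transaction field")
    return f"{amt}|{currency.upper()}|{payee}".encode("utf-8")


def authentication_code(key, amount, currency, payee, nonce):
    """Authentication code bound to amount and payee (HMAC-SHA256)."""
    msg = nonce + b"|" + canonical(amount, currency, payee)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key, amount, currency, payee, nonce, code):
    """Server-side check: recompute over the transaction it is about to
    execute and compare in constant time."""
    expected = authentication_code(key, amount, currency, payee, nonce)
    return hmac.compare_digest(expected, code)


def demo():
    """Shows that the code is only valid for the exact amount and payee."""
    payee = "DE89370400440532013000"  # constructed IBAN-style payee
    code = authentication_code(DEVICE_KEY, "120.50", "EUR", payee, NONCE)
    return {
        "original_ok": verify(DEVICE_KEY, "120.50", "EUR", payee, NONCE, code),
        "amount_changed": verify(DEVICE_KEY, "1200.50", "EUR", payee, NONCE, code),
        "payee_changed": verify(DEVICE_KEY, "120.50", "EUR", "GB33BUKB20201555555555", NONCE, code),
        "nonce_replayed": verify(DEVICE_KEY, "120.50", "EUR", payee, b"\x00" * 16, code),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the example is the canonicalisation step: the user must be shown the same amount and payee that go into the code, and the server must recompute over the transaction it is about to execute, so a tampered amount or payee anywhere between the two ends fails verification rather than silently going through.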
Challenge 2 | The taxonomy of SCA Mechanisms
There are many mechanisms at work throughout the SCA process. PC-to-smartphone authentication, low bandwidth and other constraints are some of the elements that cause headaches. Looking at the authentication path from an end-user perspective, we dive deeper into these elements and the challenges they pose.
Challenge 3 | SCA for Low-tech Phone Users and Fallbacks
Even though most people use smartphones with proper Internet access, some users will continue to use low-tech phones or suffer from poor connectivity. That is why the challenge of how to ensure RTS SCA compliance for low-tech phone users, or when the bandwidth fails, is something all issuers will have to face. Ensuring the user experience for these users is important even if they represent just a small percentage of total users. But how do we solve these issues?
Read more about SCA for low-tech phone users >>
Challenge 4 | The Mobile OS headache
A vast majority of mobile users do not have an updated OS on their phones. Either they neglect to perform the necessary updates, or the manufacturer stops supporting OS updates for the device. This is a major issue, especially among Android users, and creates a permanent security risk. What implications does that have for SCA compliance, and which strategies would be best suited for managing security for this user base?
Challenge 5 | Innovative Malware Attacks
Malware is probably the most innovative type of attack that SCA solutions should shield against. However, these attacks are hard to predict precisely because of their innovative nature. How can we best anticipate where the next attack is coming from? And how can we neutralise these attacks?
Challenge 6 | The Cost of SCA Integration
Implementing an SCA solution can be very costly. Some solutions are costly in themselves, but then there is the cost of the actual implementation. Is it possible to take part of the cost out of the equation, and how can you cope with the potential SDK “spaghetti plate”?
Read more about the cost of SCA integration >>
Challenge 7 | Enrolment and Re-enrolment
The enrolment and re-enrolment stages are critical in the SCA process. There are many ways to enrol a user or double-check that enrolment, and getting this right is critical to the security of every subsequent authentication. How can it be done? How can it be done with a mobile-only solution?
Challenge 8 | SCA for Corporate Transactions
SCA was designed to protect individuals. However, corporations wiring funds are more likely to be targeted by attackers. Whether the transaction is started on a treasurer’s PC or approved on a CFO’s mobile phone while on the move, how can we protect a corporate transaction? Can it be done in a PSD2 SCA compliant way?
These are the challenges we face each day, and that we are constantly working to handle in the Okay SCA solution. Are you facing any particular challenges? Please let us know.