Over the late spring and summer of 2018, I published a three part series of postings that go into some detail the Strong Customer Authentication (SCA) on the European Union's European Banking Authority (EBA) directive called PSD2. More specifically, this three-part series covers all aspects of PSD2 SCA.
In part 2 of this series, we go deeper into the limitations and specific regulations that SCA implementers must consider: details around authentication codes, dynamic linking of the transactions, and channel independence.
In part 3 of this three-part series, we outline some SCA implementation options that should satisfy the requirements outlined in the RTS, as well as some places to find more information.
As we publish this consolidation, the PSD2 SCA deadline is just under 1 year away (September 2019). It is time now to consider PSD2 SCA implementation methods and begin implementing them. We hope that the information in this series will be useful.