Skip to content
Baseella
  • Home
  • Features
  • About
  • Pricing
  • Contact
Schedule a demo
Schedule a demo
  • Home
  • Features
  • About
  • Pricing
  • Contact
Baseella
  • Home
  • Features
  • About
  • Pricing
  • Contact
Baseella
  • Home
  • Features
  • About
  • Pricing
  • Contact
Schedule a demo
Schedule a demo
  • Home
  • Features
  • About
  • Pricing
  • Contact
Baseella
  • Home
  • Features
  • About
  • Pricing
  • Contact
Modern core banking system happy robot

Core banking and payments technology

11
  • What is a Core Banking System? 7 Key Features
  • What are Legacy Core Banking Systems? The Complex Nightmare
  • What are the key advantages of using a SaaS cloud-based banking system? Top 7 reasons why to avoid developing your own
  • Is using an open-source technology in core banking software development safe and secure? 
  • What are the advantages of using an open-source database in modern cloud-based whitelabel bank software? 
  • What advantages RESTful API has over SOAP API?
  • How does the use of GraphQL Federation enhances RESTful APIs?
  • Key principles and advantages of the microservices architecture in payment software solutions
  • What are the benefits of integrating container and orchestration technologies such as Docker and Kubernetes into the deployment of cloud-based software for bank systems?
  • What are the typical security measures undertaken by the cloud core banking systems developers to address the security concerns of financial institutions?
  • What is required of the SaaS cloud-based core banking software to enable the financial institutions to provide banking as a service or a superapps?
Modern core banking system happy robot

Regulations and compliance

11
  • What is PCI DSS? The best explanation
  • What are the key concerns when choosing the core banking system from the perspective of regulatory compliance?
  • What is Open Banking, and why do banks, payment institutions and e-money institutions in the EU must publish Open Banking API?
  • What is strong customer authentication (SCA) regulatory technical standard (RTS)?
  • Can push notifications be considered compliant with SCA RTS?
  • Why is it important to use multi-factor authentication (MFA) when accessing a cloud-based core banking system?
  • Why is it essential to have comprehensive user management in the banking software?
  • Why is it important for the modern cloud-based core banking system to be built around a general ledger and have a chart of accounts?
  • Is it possible to obtain necessary information for regulatory reporting if an institution uses a core banking system with no general ledger and chart of accounts?
  • Why is there a need for customer risk scoring and transaction risk scoring?
  • Why is it ineffective or even dangerous to outsource the risk scoring from a third party without having it as a part of the cloud-based core banking software?
Modern core banking system happy robot

Banking, payments, and e-money

15
  • What is payment initiation service, and how it can be used?
  • What is a banking superapp and what does it offer?
  • What is banking-as-a-service, or BaaS?
  • What is an Account Servicing Payment Service Provider?
  • Who are Third-Party Providers (TPPs), and what is their role?
  • What is Account Information Service, and how it can be used?
  • What is Original Credit Transaction (Visa and Mastercard) and how is it used in payments?
  • What is SEPA, and what types of payment transactions it facilitates?
  • What is Step2 and what types of payment transactions it supports?
  • What is Target2, and what types of payment transactions it supports?
  • What is Faster Payments (UK), and what types of payment transactions it supports?
  • What is Bacs, and what kind of payments it supports?
  • What is NACHA (USA), and what types of payments it supports?
  • What is SWIFT, and what types of payments it supports?
  • What is a correspondent bank, and what is its role in payments?
View Categories
  • Home
  • Knowledge Base
  • Regulations and compliance
  • What is strong customer authentication (SCA) regulatory technical standard (RTS)?

What is strong customer authentication (SCA) regulatory technical standard (RTS)?

2 min read

What is strong customer authentication person as a SCA

In the shifting world of digital finance, regulatory oversight plays a crucial role in keeping online transactions secure. A central pillar of this framework, under the Revised Payment Services Directive (PSD2), is the concept of Strong Customer Authentication (SCA). But what is Strong Customer Authentication actually? This innovative method enhances online transaction security, promotes user confidence, and fosters trust within the digital banking landscape. But what exactly is Strong Customer Authentication, and why does it matter?

The Power of Two: Unpacking Two-Factor Authentication #

The two-factor authentication system is at the heart of the SCA RTS, emerging as a powerful tool that elevates the security of online transactions. Unlike conventional methods, two-factor authentication doesn’t rely on a single credential; instead, it leverages a combination of at least two independent elements, thus creating a much more robust security shield.

These elements are smartly distributed into three categories: knowledge, possession, and inherence. The ‘knowledge’ category encompasses something that only the user knows, such as a password or a PIN. ‘Possession’ refers to something the user uniquely has, like a physical token or a smartphone. Lastly, ‘inherence’ considers biometric aspects, including fingerprints, voice recognition, or facial patterns, which are inherently unique to each individual.

Dynamic Linking: Connecting Authentication to Specific Transactions #

Dynamic linking plays an essential role in the SCA RTS, providing an extra layer of security to online transactions. This feature requires the generation of a unique authentication code for every transaction, a procedure which helps to fend off fraudulent activities by ensuring that each authentication data is transaction-specific and can’t be reused.

But dynamic linking isn’t just about transaction-specific authentication codes. It’s also about providing the customer with clear, explicit information about the transaction they are authorising. Before initiating a transaction, the user must be made aware of and consent to the specific parameters of the transaction, like the amount and the payee. This is an essential aspect of dynamic linking, aiming to prevent any miscommunication or misunderstanding that could potentially lead to unintended transactions.

The Art of Risk Analysis: Balancing Security with User Convenience #

One of the truly insightful elements of the SCA RTS is the introduction of Transaction Risk Analysis (TRA). This aspect of the RTS appreciates the fact that not all transactions pose an equal risk of fraud. As such, it permits some degree of flexibility in the application of the stringent SCA requirements.

TRA allows payment service providers to perform an in-depth risk analysis for each transaction. Depending on the outcome of this assessment, the provider may determine that certain transactions pose a minimal risk of fraud. In such cases, they’re permitted to exempt these transactions from the SCA requirements. This might be applicable for instances where a customer regularly pays a familiar payee, or the transaction amount is relatively small.

Prioritising Secure Communication: Encryption and Data Protection #

SCA RTS further emphasises the crucial role of secure communication channels. Whether it’s between the customer, the payment service provider, or third-party providers, robust encryption measures are necessary to maintain data integrity and confidentiality. The inclusion of this requirement underlines the priority given to user data security in the digital banking realm.

Exemptions: Understanding When SCA is Not Required #

Despite the robust security measures, the SCA RTS does provide specific exemptions. These exceptions apply to low-value transactions, recurring payments, contactless payments, or transactions with trusted beneficiaries, where the need for SCA may be deemed unnecessary or impractical. These carefully planned exemptions ensure that SCA requirements do not disrupt or complicate customer experience unnecessarily.

The introduction of Strong Customer Authentication is undoubtedly a monumental step in promoting secure online banking. Balancing robust security measures with user experience, it paves the way for a future where customers can transact online with confidence. By complying with SCA RTS, payment service providers adhere to PSD2 requirements, thus safeguarding the interests of their customers while ensuring a seamless user experience. Wish to learn how Baseella ensures compliancce with the SCA? Reach out to us and discover what is the best approach to the implementation of the SCA within your PayTech and how we can assist you with.

Updated on July 18, 2023
Share This Article :
  • Facebook
  • X
  • LinkedIn
What is Open Banking, and why do banks, payment institutions and e-money institutions in the EU must publish Open Banking API?Can push notifications be considered compliant with SCA RTS?

Powered by BetterDocs

Table of Contents
  • The Power of Two: Unpacking Two-Factor Authentication
  • Dynamic Linking: Connecting Authentication to Specific Transactions
  • The Art of Risk Analysis: Balancing Security with User Convenience
  • Prioritising Secure Communication: Encryption and Data Protection
  • Exemptions: Understanding When SCA is Not Required
Pages

  • Features
  • About
  • Pricing
  • Contact
Resources

  • Knowledge base
  • Blog

Copyright © 2025 Baseella Ltd

  • Privacy
  • Cookies
  • Terms and Conditions