PSD2 is Approaching… Have You Started Testing SCA Compliance?

Rehman Abdur
MessageBird
Published in
2 min readDec 6, 2019

Financial institutions across the European Economic Area (EEA) are getting ready for PSD2 to come into full effect. Read more to see how your company can prepare itself.

What is PSD2?

The second Payment Services Directive (PSD2) was introduced on 8 October 2015 as a revision to the original Payment Services Directive. PSD2 went into effect on 14 September 2019, but due to delays, an extension has been granted and the directive will be enforced on 31 December 2020. PSD2 was created to ensure businesses are appropriately authenticating online payments in Europe, and to foster opportunities for collaboration between banks and fintech. A large aspect of the directive is Strong Customer Authentication, or SCA.

What is SCA?

Strong Customer Authentication (SCA) is made up of three elements.

  1. Knowledge: something only the user knows, such as a password or PIN
  2. Possession: something only the user possesses, such as a personal device (like a tablet or mobile phone)
  3. Inherence: something the user is, such as a fingerprint or face recognition

Any noncompliance with these elements will require banks making transactions in Europe to decline payments that require SCA.

SCA is required each time a customer accesses their payment account online or initiates an electronic transaction. It is not applicable to merchant-initiated direct debits or in-person card payments outside of contactless payments. The requirements will apply to any transactions taking place in the EEA.

How can your business become SCA compliant?

You can become SCA compliant by implementing two simple tools. All you need is the MessageBird SMS API combined with a Verification tool of your choice (as a financial institution, you likely already have one set up, but if not, we recommend Verify).

The MessageBird SMS API enables your business to send SMS messages at scale, around the world, with maximum message deliverability due to its built-in redundancies, failovers, and direct-to-carrier connections. Architected for geographic and regulatory differences, the SMS API is designed to deliver strategic global solutions.

While setup is straightforward, we would advise your business to start testing in the coming weeks due to the sensitivity of the directive. We have SCA experts on staff who would be happy to guide you through the process. Please reach out here.

Enjoyed this article? Visit the MessageBird blog and follow us here.

--

--