Products Account InformationPayment InitiationVirtual POSPayment GatewayPay by LinkMarketplace PaymentsDirect Debit SystemReconciliationCard VaultCash Flow ManagementAdvisory & Licensing Solutions Business Finance E-Money / Wallet E-Commerce Industries KobAI Soon Pricing RESOURCES Documentation API Reference Open Banking Guide Security & Compliance Supported Banks Blog Success Stories About Contact
Log in Try Free
GLOSSARY

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication

Strong Customer Authentication (SCA) is a multi-factor security method that requires verifying the user with at least two independent elements: knowledge (a password), possession (a phone) and inherence (biometrics).

SCA is a security standard mandated to reduce fraud in open banking and online payments. It requires combining at least two of three categories of elements — something you know (PIN/password), something you have (phone/device), something you are (fingerprint/face). In open banking, every account access and payment is approved at the user's own bank with SCA, so the third party never sees banking credentials.

SCA was mandated in Europe by PSD2; Türkiye's open banking framework is likewise built on strong customer authentication.

FAQ

SCA — frequently asked questions

Which factors are used for SCA?

At least two of the categories — knowledge (password/PIN), possession (phone/device) and inherence (fingerprint/face) — are used together.

Who performs SCA in open banking?

Authentication is always performed on the user's own bank secure screen; the third party only receives the approval result and never sees the credentials.

Bring open banking into your product.

Try our infrastructure connecting to 850+ banks via one API in a free sandbox.