Strong Customer Authentication
Strong Customer Authentication (SCA) is a multi-factor security method that requires verifying the user with at least two independent elements: knowledge (a password), possession (a phone) and inherence (biometrics).
SCA is a security standard mandated to reduce fraud in open banking and online payments. It requires combining at least two of three categories of elements — something you know (PIN/password), something you have (phone/device), something you are (fingerprint/face). In open banking, every account access and payment is approved at the user's own bank with SCA, so the third party never sees banking credentials.
SCA was mandated in Europe by PSD2; Türkiye's open banking framework is likewise built on strong customer authentication.
At least two of the categories — knowledge (password/PIN), possession (phone/device) and inherence (fingerprint/face) — are used together.
Authentication is always performed on the user's own bank secure screen; the third party only receives the approval result and never sees the credentials.
Try our infrastructure connecting to 850+ banks via one API in a free sandbox.