Strong Customer Authentication (SCA) and the EU Revised Directive on Payment Services (PSD2)
In essence, the legal directive requires that payment service providers use strong customer authentication wherever customers access their payment accounts online, or initiate a payment transaction. The final implementation deadline is set for December 31, 2020. In the context of the law, strong authentication means that two or more elements of knowledge, possession or inheritance that are independent need to be used in the authentication. Knowledge, such as knowing a password, will no longer be enough for online payments, and these transactions will be declined. Customers will need to have access to FIDO UAF clients that extend this strong security concept with possession: the mobile phone they own, and inheritance: their fingerprints of facial patterns used for biometric authentication.