Strong Customer Authentication (SCA)

Balance security, user experience and compliance in every financial transaction

Build trust in online payments

Financial institutions (FIs) are facing a rising tide of cyber threats such as phishing and account takeovers. Strong Customer Authentication (SCA) provides an additional layer of security, making it more difficult for fraudsters to impersonate customers and carry out fraudulent activities. Moreover, SCA allows FIs to achieve a harmonious blend of security, user experience, and regulatory compliance.


Bolster Security

Mitigate frauds and account takeovers. Significantly boost the security of online payment transactions.

Build customer trust

Build customer trust

Demonstrate a commitment to safeguarding customers' financial transactions while prioritizing convenience.

Ensure Compliance

Ensure compliance

Comply with regulatory standards such as the EU Payment Services Directive (PSD2).

Need help managing authentication at scale?

What is Strong Customer Authentication (SCA)?

Strong customer authentication (SCA) is a mandatory security measure introduced by the EU Payment Services Directive (PSD2) to mitigate fraud and enhance the safety of online payments. SCA mandates financial institutions to employ at least two distinct authentication methods to confirm a financial transaction. These methods may involve factors like something known to the customer (e.g., password), something possessed by the customer (e.g., phone or security token), or something inherent to the customer (e.g., fingerprint).



81% of consumers

expect some form of strong authentication despite strong authentication historically associated with frustrating customer experiences. Passkeys can serve as a component in attaining a balance. 

Endorsed by
KuppingerCole Analyst Logo

Navigate PSD2 regulations and compliance with Thales.

The PSD2 regulation drastically impacts the financial ecosystem and infrastructure for banks, fintechs, and businesses using payment data to benefit consumers. Here is everything you need to know about PSD2.



How does Strong Customer Authentication (SCA) work?

SCA works by verifying a user's identity through multiple factors such as passwords, biometrics, or possession of a device. Users must provide authentication through at least two of the following factors to complete a transaction:

Knowledge factors

This involves something only the user knows, such as a password, PIN, or answers to security questions.

Possession factors

This involves something only the user possesses, such as a mobile device, smart card, or token.

Inherence factors

This involves something inherent to the user, such as biometric data like fingerprint, facial recognition, or iris scans.

Thales provides tailored security solutions for FIs, including cloud-based managed services, to facilitate seamless and cost-effective implementation of SCA and risk management protocols. Our cloud-based managed services enable FIs to combine identity-proofing and strong customer authentication to secure onboarding and digital banking access, within a single platform.

Digital Banking Services

Effectively validate identities with tailored authentication

Tailor your authentication journey to your organization's needs, users, and risk levels for a robust and cost-effective system. Integrate different authentication options, including:

Make IAM Easier

See how we can help you secure identities

Request a Demo
KuppingerCole Leadership Compass Overall Leader

KuppingerCole Analysts Logo

Thales Named an Overall Leader

Find the product or service that best meets your needs, and learn why KuppingerCole named Thales a Market Leader, Overall Leader, and Innovation Leader in Access Management

Danny de Vreeze

For decades, financial institutions worldwide have entrusted Thales to safeguard access to their digital services. With our wide range of solutions specifically designed to protect both financial institutions and end-users, we effectively address the security, functional, and regulatory needs of the industry."
Danny de Vreeze Vice President, Identity and Access Management Thales

Recommended resources

Frequently asked questions

    Some challenges that FIs encounter with implementing SCA include compatibility issues with existing systems, complexity for customers due to additional authentication steps, and the need to integrate with third-party services such as payment or billing systems.

    To overcome challenges with SCA, FIs may need to invest in new technology, modify existing systems, or collaborate closely with digital banking and payment service providers to ensure compatibility and a smooth transition.

    To streamline user access, organizations should offer various authentication methods such as context-based authentication, SMS, phone tokens, or hardware tokens, catering to user roles and security profiles. Integrating passkeys into authentication options could offer a seamless yet secure approach, enhancing user experience and ensuring compliance with corporate security policies.