Latest European Banking Authority Opinion on SCA – Key Points

24th June 2019
Robbie MacDiarmid
Robbie MacDiarmid
Related Tags

The EBA has published its final opinion on SCA, clarifying the authentication elements and its interactions, as well as opening the door for potential extensions to the September 14th deadline.

The Opinion of the European Banking Authority on the elements of strong customer authentication under PSD2 document clarifies that the EBA is legally not able to postpone the deadline, however, it acknowledges that unintended negative consequences could occur as a result of SCA and therefore there may be a need for individual Competent Authorities (CA) to provide ‘limited additional time’ for the industry to prepare.

This flexibility comes with the caveat that PSPs must have a migration plan agreed with the CAs and that it is executed in an expedited manner.

The EBA have also clarified the viability of certain authentication methods for each of the three elements:

  • Knowledge – Something the customer knows e.g. PIN, password
  • Possession – Something the customer has e.g. debit card, phone
  • Inherence – Something the customer is e.g. fingerprint, retina scan

The guidance is as follows:

Table 1: Non-exhaustive List of Possible Inherence Elements

Table 2: Non-exhaustive List of Possible Possession Elements

Table 3: Non-exhaustive list of possible knowledge elements

There are a number of other areas addressed in the EBA’s opinion, and CMSPI is working with merchants to navigate the inherent complexities of the upcoming mandate.

You Might Also Be Interested In These...

Strong Customer Authentication (SCA) – Impact Assessment – February 2021

Our analysis of February data illustrates significant transaction failure with the estimated European failure rate on transactions at 31% compared to 33% in January 2021.

Read More >
Mastercard’s Brexit Fees Natwest Deal Update – CMSPI Insights Report

NatWest Group, which includes some of the UK’s largest issuing banks, have announced that they will be switching their debit cards from Visa to Mastercard.

Read More >
Strong Customer Authentication (SCA) – Impact Assessment – January 2021

Our reporting started back in August – analysis suggested that the average failure rate was 35% across Europe, fast forward to January, we’re seeing 33%.

Read More >
Retailer Challenges in Implementing an MIT Strategy – CMSPI Insights

With several use cases for MITs, it is likely that most merchants will encounter these transactions in some way.

Read More >
Want to learn more about SCA?