PSD2 increases the level of user authentication required for the payment service, with the purpose of ensuring that Payment Service Providers (PSPs) can be confident in the authenticity of users.
PSD2 requires PSPs to apply “Strong Customer Authentication” (SCA) in cases where an organization or consumer attempts to access their payment accounts online, initiates an electronic payment transaction or “carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.”
In PSD2, SCA must have two-factor authentication or multi-factor authentication (*1). Therefore, authentication procedures must use two or more of the following elements, categorized as knowledge, ownership, and inherence:
• 2FA:Mandatory two-factor user authentication, i.e., knowledge, ownership, inherence.
KOBIL Trusted Login and KOBIL Trusted Verify helps meet this requirement
• Dynamic Linking: Authentication code must be linked to the amount and payee of the single transaction or batch of transactions,
KOBIL Trusted Verify helps meet this requirement.
• Security Measures: Adoption of security measures to ensure confidentiality, authenticity, and integrity of the information displayed through all phases, including generation, transmission, and use of the authentication code,
• Scope: Applicable to payment services provided to natural and legal persons on remote channels in the European Union,
KOBIL has been helping EU financial institutions meet strict regulatory requirements regarding information security and remote channels since 1984.
KOBIL Digitanium Suite was designed to respond to a growing demand from financial institutions and their clients for a multi-channel digital identity, transaction signing, and trusted workflow solution. It enables strong authentication and personal signatures with an audit trail using a secure, scalable and cost-effective infrastructure.
KOBIL Digitanium Suite uses a trusted and reliable Public Key Infrastructure (PKI), as well as KOBIL virtual smart cards and KOBIL Digitanium high trust environment and is based on common and widely used industry standards.
(*1) Two-factor authentication uses two factors, as the name implies, and Multi-Factor Authentication uses two or more factors. If multi-factor authentication has only two factors, it can be called either MFA or 2FA.
Learn more about digitanium with KOBIL!