PSD2 requires strong customer authentication (SCA) to be performed in specific terms. SCA should be based on elements categorized as something only the user knows, something only the user possesses, and something the user is. These elements require adequate security features, so that the breach of any one element does not compromise the reliability of the others.
The authentication process can be implemented in various ways, among them the redirection and decoupled approaches. In both, the end-user's authentication data is exchanged directly between the end-user and the bank. The difference is that, in the decoupled approach, the bank asks the end-user to authorize the payment via a dedicated mobile app.
Current banking redirection implementations are primarily browser-based: the end-user is redirected from the TPP application or website to the bank website for authentication. When implementing redirection, it is essential that the end-user can also authenticate with his bank’s mobile app if he uses this authentication method when accessing his banking channel directly.
A dialog can also be created with app-to-app authentication. This flow starts with an authentication request and returns an access token that gives access to the available data, which makes it possible to build an excellent user experience for the customer. This process empowers collaboration with banks and FinTechs.