[Openid-specs-fapi] Another Take on SCA (Strong Customer Authentication)

Anders Rundgren anders.rundgren.net at gmail.com
Sat Dec 2 05:35:04 UTC 2017

According to the new PSD2 regulations, small amounts like below € 50 does not require SCA. In the card world this already exist but it doesn't work as most people seem to believe. EMV transactions using "swipe" are (AFAIK...) TECHNICALLY IDENTICAL to traditional EMV transactions enabled by PIN codes. That is, the authentication of the card is indeed "Strong" while the authentication of the person using the card is absent.

This established concept doesn't translate at all to PSD2 APIs like UK's Open Banking or FAPI, but fits like a glove the Mobile Payment systems I'm talking [too much?] about.

Conclusion: Banking/Financial Services <<>> Consumer Payments.

Anders Rundgren
Payment system architect & developer

More information about the Openid-specs-fapi mailing list