Salt Edge - Mobile Strong Customer Authentication (SCA)

A customer authentication solution to balance safety and convenience in the open banking compliance framework.

About Salt Edge - Mobile Strong Customer Authentication (SCA)

Salt Edge Strong Customer Authentication Mobile App combines the world's best UX and security practices to offer banks a solution that makes your business and customers' payment experience much better and safer.

Open banking regulations mandate the use of stronger fraud prevention checks to be performed by merchants and financial institutions. This requirement unfolds in Strong Customer Authentication (SCA), which involves multiple factors of authentication on behalf of a customer initiating electronic payments and granting access to accounts data.

This means that banks must enhance the end-user authentication procedures with any two out of three SCA’s elements (knowledge, possession, inherence) for activity performed via remote channels. Such Strong Customer Authenticator factor should be added at least for the following flows: · When accessing payment account online · When initiating an electronic payment transaction · When authorising access for new TPP · When performing any other action through a remote channel that might imply fraud risk

Within the EU and UK, there is an extra obligation for payment initiation - Dynamic linking. It requires the generation and exchange of an authentication code based on transaction amount and payee details. Dynamic linking is responsible for transaction security, integrity, and reliance.

How it works: The Salt Edge Strong Customer Authentication solution represents a mobile application on iOS and Android with decoupled authentication that helps not only to comply with all the SCA requirements and handle Dynamic Linking, but also improve customer experience with its value-added features.

Salt Edge - Mobile Strong Customer Authentication (SCA) features

Mobile-first SCA Solution

Support of Dynamic Linking

Uses “What You See Is What You Sign” principle

Configurable for client’s risk policy needs

Supports 4+ eyes principle controlling mechanism for business/corporate use cases

Full transparency and control of displayed information, including payment fees

Easy localisation in any language

Simple integration of Mobile SDK into an existing application

Value-added features like Passwordless authentication, Instant Action (by QR code), and Consent Management

Customisation possibility in accordance with client’s brand book

It is designed to be applied in all 3 cases indicated in RTS (Regulatory Technical Standard):

When accessing the payment accounts online - the SCA solution with a user-facing Salt Edge Authenticator app enables web login action and the process of linking the bank account to a TPP application. The Salt Edge Authenticator app combines all three implied elements, where inherence or password is used for access to secured personal data about initiated action, and authenticator app installed on a customer's mobile device represents the possession element, which stores security keys.

When initiating an electronic payment transaction - the Salt Edge Authenticator app shall be used by PSU to verify all payment details (e.g. beneficiary, payment amount, exchange rate, and applied fees) and to authorise the payment in case all details are correct.

When performing any action through a remote channel which may imply fraud risk - for example: to authorise a loan application online, or confirm changing the details of a contact, etc.

Salt Edge - Mobile Strong Customer Authentication (SCA) screenshots

Interested in more insights?

Banq builds data products and ecosystem solutions for bank and fintech providers.

Join us