Salt Edge - Mobile Strong Customer Authentication (SCA)
A customer authentication solution to balance safety and convenience in the open banking compliance framework.
About Salt Edge - Mobile Strong Customer Authentication (SCA)
Salt Edge Strong Customer Authentication Mobile App combines the world's best UX and security practices to offer banks a solution that makes your business and customers' payment experience much better and safer.
Open banking regulations mandate stronger fraud prevention checks to be performed by merchants and financial institutions. This requirement takes the form of Strong Customer Authentication (SCA), which involves multiple factors of authentication from a customer who initiates electronic payments or grants access to account data.
This means that banks must enhance their end-user authentication procedures with any two of the three SCA elements (knowledge, possession, inherence) for activity performed via remote channels. Such a Strong Customer Authentication factor should be added at least for the following flows:
· When accessing a payment account online
· When initiating an electronic payment transaction
· When authorising access for a new TPP
· When performing any other action through a remote channel that might imply fraud risk
Within the EU and UK, there is an extra obligation for payment initiation: dynamic linking. It requires the generation and exchange of an authentication code based on the transaction amount and payee details. Dynamic linking is responsible for transaction security, integrity, and reliance.
How it works: The Salt Edge Strong Customer Authentication solution is a mobile application for iOS and Android with decoupled authentication. It not only helps banks comply with all the SCA requirements and handle dynamic linking, but also improves customer experience with its value-added features.
Salt Edge - Mobile Strong Customer Authentication (SCA) features
Mobile-first SCA Solution
Support of Dynamic Linking
Uses “What You See Is What You Sign” principle
Configurable for client’s risk policy needs
Supports 4+ eyes principle controlling mechanism for business/corporate use cases
Full transparency and control of displayed information, including payment fees
Easy localisation in any language
Simple integration of Mobile SDK into an existing application
Value-added features like Passwordless authentication, Instant Action (by QR code), and Consent Management
Customisation possibility in accordance with client’s brand book
It is designed to be applied in all 3 cases indicated in RTS (Regulatory Technical Standard):
When accessing the payment accounts online - the SCA solution with a user-facing Salt Edge Authenticator app enables the web login action and the process of linking the bank account to a TPP application. The Salt Edge Authenticator app combines all three implied elements: inherence or a password is used to access secured personal data about the initiated action, and the authenticator app installed on the customer's mobile device, which stores the security keys, represents the possession element.
When initiating an electronic payment transaction - the Salt Edge Authenticator app shall be used by the PSU to verify all payment details (e.g. beneficiary, payment amount, exchange rate, and applied fees) and to authorise the payment if all details are correct.
When performing any action through a remote channel which may imply fraud risk - for example, to authorise a loan application online or to confirm a change to the details of a contact.