Vincent
Created: January 31, 2025
Updated: April 30, 2025
Are passkeys the best form of phishing-resistant MFA that is compliant with PSD2 and SCA requirements? This blog post answers all the questions.
Strong Customer Authentication (SCA) is
a security requirement introduced by PSD2 (Revised Payment Services Directive) to
enhance the security of online payments and reduce fraud. SCA
mandates that financial institutions and payment service
providers implement multi-factor authentication (MFA) for electronic transactions,
ensuring that only legitimate users can access accounts and approve
payments.
To comply with SCA, authentication must involve at least two of the following three
factors:
SCA applies to most electronic payments within the European Economic Area (EEA). For
example:
Certain transactions may be exempt from SCA, such as:
Traditional authentication methods like passwords and SMS OTPs are still widely used but
are vulnerable to phishing attacks. Passkeys, based on WebAuthn and
FIDO2, offer a phishing-resistant alternative by leveraging
cryptographic authentication and device-bound credentials. Banks and fintech companies
implementing passkeys can meet SCA requirements while improving both security and user
experience.
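The phishing resistance described above comes from context that the browser and authenticator bind into every WebAuthn response, which the relying party must check. The following is an added example, not code from the original article: it checks the origin, challenge, RP ID hash and user-presence/user-verification flags of an assertion. The domain `bank.example`, the helper names and the sample bytes are constructed for illustration; treating the user-verification flag as the second SCA factor alongside possession of the device-bound key is this example's assumption, and verifying the signature is a separate step not shown here.

```python
import base64, hashlib, json, struct

FLAG_UP = 0x01  # user present (touch/confirmation)
FLAG_UV = 0x04  # user verified (PIN or biometric on the authenticator)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_context(client_data_json, authenticator_data,
                            expected_origin, rp_id, expected_challenge):
    """Return the reasons to reject; an empty list means the context checks pass.
    The signature over authenticatorData || SHA-256(clientDataJSON) is not checked here."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    if client.get("challenge") != b64url(expected_challenge):
        problems.append("challenge mismatch (possible replay)")
    if client.get("origin") != expected_origin:
        problems.append("origin mismatch (response produced on another site)")
    if len(authenticator_data) < 37:
        return problems + ["authenticator data too short"]
    # Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", authenticator_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash mismatch")
    if not flags & FLAG_UP:
        problems.append("user presence flag not set")
    if not flags & FLAG_UV:
        problems.append("user verification flag not set (possession only)")
    return problems

# Constructed sample data, not captured from a real authenticator.
CHALLENGE = b"constructed-challenge-0001"

def sample(origin, rp_id, flags):
    """Build the two byte strings a browser would return for the given context."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(CHALLENGE),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 7)
    return client, auth

if __name__ == "__main__":
    cases = [("genuine", "https://bank.example", "bank.example", 0x05),
             ("lookalike site", "https://bank-login.example", "bank-login.example", 0x05),
             ("no user verification", "https://bank.example", "bank.example", 0x01)]
    for label, origin, rp, flags in cases:
        print(label, check_assertion_context(*sample(origin, rp, flags),
                                             "https://bank.example", "bank.example", CHALLENGE))
```

A response generated on the lookalike origin fails both the origin and the RP ID hash checks, so it cannot be replayed to the real site the way a phished password or SMS OTP can.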
Passkeys enable PSD2-compliant strong authentication by using cryptographic key pairs and device-bound credentials for seamless, phishing-resistant logins.
By enforcing Strong Customer Authentication (SCA), PSD2 enhances transaction
security, reducing fraud risks and increasing trust in digital banking and online
payments.