Rounding and Strong Customer Authentication: Difference between pages
From ACT Wiki
(Difference between pages)
imported>Doug Williamson (Create the page. Source: Excel Options Advanced.) |
imported>Doug Williamson (Mend link.) |
||
| Line 1: | Line 1: | ||
''Payments - PSD2''. | |||
(SCA). | |||
Regulatory Technical Standards (RTS) define SCA as authentication through at least two out of the following | |||
three categories: | |||
* Something only the user knows (e.g., passcode or PIN); | |||
* Something only the user possesses (e.g., mobile phone or token); | |||
* Something the user is (e.g., fingerprint, facial, iris or eye vein). | |||
The RTS require that the selected factors must be mutually independent in that the breach of one does not compromise the reliability of the other. | |||
The use of a single device for authentication and shopping is expressly permitted. This means, for example, that a smartphone may be used at the same time for transacting and for authenticating the cardholder. The risk connected to the use of multi-purpose devices (e.g. smartphones and tablets) must be mitigated through the use of separated secure execution environments. | |||
== See also == | == See also == | ||
* [[ | * [[PSD2]] | ||
* [[Regulatory Technical Standard]] | |||
* [[Two-factor authentication]] | |||
[[Category:Accounting,_tax_and_regulation]] | |||
[[Category:The_business_context]] | |||
[[Category:Identify_and_assess_risks]] | |||
[[Category:Manage_risks]] | |||
[[Category:Cash_management]] | |||
[[Category:Financial_products_and_markets]] | |||
[[Category:Technology]] | |||
Revision as of 07:38, 22 July 2019
Payments - PSD2.
(SCA).
Regulatory Technical Standards (RTS) define SCA as authentication through at least two out of the following three categories:
- Something only the user knows (e.g., passcode or PIN);
- Something only the user possesses (e.g., mobile phone or token);
- Something the user is (e.g., fingerprint, facial, iris or eye vein).
The RTS require that the selected factors must be mutually independent in that the breach of one does not compromise the reliability of the other.
The use of a single device for authentication and shopping is expressly permitted. This means, for example, that a smartphone may be used at the same time for transacting and for authenticating the cardholder. The risk connected to the use of multi-purpose devices (e.g. smartphones and tablets) must be mitigated through the use of separated secure execution environments.
