How PSD2 is allowing biometrics to be used as a Multi Factor Authentication (MFA) step
28 Sep 2021

The GDPR (General Data Protection Regulation), PSD2 (Second Payment Services Directive) and related European Union regulation require secure data handling and secure transactions alongside a good customer experience. PSD2 in particular requires Strong Customer Authentication (SCA): it mandates two-factor authentication for approving electronic payments. Two-factor authentication here means verifying the customer with two or more elements drawn from independent categories: possession, inherence and knowledge.

Introduction to PSD2

PSD2 is the second revision of the Payment Services Directive, intended to develop the financial industry and the online payments market in the European Union. It sets out the requirements a business must meet to use open banking and bank-payment services, and it requires two-factor authentication to raise the security of online payments.

PSD2's SCA requirement initially stalled some electronic payments, because a number of organisations struggled to implement two-factor authentication within the original timeframe. The European Banking Authority (EBA) therefore set 31 December 2020 as the end date for the migration in Europe.

As a result, the financial services industry is in the middle of a sweeping change driven by SCA's two-factor authentication requirement, and companies have had to adjust significantly to what PSD2's SCA demands. PSD2 looks set to reshape the industry.

Objectives of SCA by EU’s PSD2

The Strong Customer Authentication requirements of the EU's PSD2 are meant to make online payments secure and protected, while also encouraging innovation and preventing fraud.

The SCA requirements apply to online payments initiated by customers within Europe, which covers most bank transfers and card payments made online.

In short, every electronic payment that falls within the scope of SCA has to go through two-factor authentication using a combination of elements from at least two of the following categories (the elements must be independent, so that compromising one does not compromise the other):

  • Inherence: something the customer is, such as a physical or behavioural characteristic
  • Knowledge: something only the customer knows, such as a PIN or password
  • Possession: something only the customer has, such as a card or mobile phone

The SCA requirements of PSD2 are aimed at making open banking and online payments more flexible, more secure and less complicated. As with any new technology, though, they also bring new exposure, notably through the third-party providers (TPPs) that are granted access to customers' payment accounts.

How can PSD2's SCA requirements be achieved with biometrics?

Multi-factor authentication adds a security layer to any online payment. Under SCA, financial service providers and businesses that accept online payments can use biometrics as one of the two required factors.

Possession and inherence have long been the preferred pair of elements for giving customers a more secure and convenient way to approve an online transaction under the SCA mandate. SCA now explicitly accepts a biometric step, which makes the approval easier for customers and improves the experience: a customer can approve a payment by touching the fingerprint reader of their smartphone, with the phone itself serving as the possession factor and the fingerprint as the inherence factor.

Biometric recognition has changed the way online payments are made, and it is becoming an important component of Strong Customer Authentication, especially on mobile devices, because it provides a strong level of security without adding tedious extra steps to the customer's journey.

Compared with biometrics, OTP and email-and-password logins add time to the checkout flow and can be daunting for customers. Passwords and SMS one-time passcodes are also exposed to attacks such as SIM swapping, where an attacker takes over the victim's phone number in order to receive the codes.

There are three common ways to add biometrics as a factor in your customers' journey:

  • Voice biometrics, where the customer is authenticated by speaking a set phrase; a convenient and secure way to add a multi-factor step that meets the SCA requirements.
  • Face recognition combined with passive liveness detection, so that a photo or video replay is not accepted as a live face.
  • Fingerprint recognition, again combined with liveness (anti-spoofing) detection.

Each of these is a simple yet effective way to authenticate customers in compliance with PSD2's SCA requirements, improving security without hurting the user experience.
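As an added example (not code from the original page or from Protectumus), the following Python models the smartphone fingerprint approval flow described above together with the factor-category rule from the SCA section: the registered phone holds a device key (possession), the fingerprint is matched locally and only a "user verified" flag leaves the device (inherence), and the bank verifies both the MAC and the flag before it counts two factors. The flag layout borrowed from WebAuthn authenticator data, the HMAC standing in for a real device signature, the Phone and Bank classes and the sample transaction are all assumptions for illustration.

```python
"""Simulation of a smartphone fingerprint approval used as an SCA step.

Constructed example: the device key stands in for a registered phone (possession)
and the locally matched fingerprint template for the inherence factor. The flag
byte is modelled on the WebAuthn authenticator-data flags (bit 0 user present,
bit 2 user verified); that layout is an assumption for illustration, not the
mechanism of any particular vendor.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set

KNOWLEDGE = "knowledge"
POSSESSION = "possession"
INHERENCE = "inherence"

FLAG_UP = 0x01  # user present (device was touched)
FLAG_UV = 0x04  # user verified (local biometric match succeeded)


def sca_satisfied(factors: Set[str]) -> bool:
    """PSD2 SCA: elements from at least two distinct categories."""
    return len({KNOWLEDGE, POSSESSION, INHERENCE} & factors) >= 2


@dataclass(frozen=True)
class Approval:
    flags: int
    tx_hash: bytes
    mac: bytes


def _approval_mac(key: bytes, flags: int, tx_hash: bytes) -> bytes:
    # The MAC binds the flag byte and the transaction digest to the device key,
    # so neither the flags nor the amount can be altered without the key.
    return hmac.new(key, bytes([flags]) + tx_hash, hashlib.sha256).digest()


class Phone:
    """Registered device: holds the device key and the enrolled fingerprint template."""

    def __init__(self, device_key: bytes, enrolled_template: bytes) -> None:
        self._key = device_key
        self._template = enrolled_template

    def approve(self, tx: bytes, presented_template: Optional[bytes]) -> Approval:
        flags = FLAG_UP
        # The fingerprint never leaves the phone; only the UV flag reports the result.
        if presented_template is not None and hmac.compare_digest(presented_template, self._template):
            flags |= FLAG_UV
        tx_hash = hashlib.sha256(tx).digest()
        return Approval(flags, tx_hash, _approval_mac(self._key, flags, tx_hash))


class Bank:
    """Payment server: knows the device key of each enrolled customer."""

    def __init__(self) -> None:
        self._device_keys: Dict[str, bytes] = {}

    def enroll(self, user: str, device_key: bytes) -> None:
        self._device_keys[user] = device_key

    def factors_proven(self, user: str, tx: bytes, approval: Approval) -> Set[str]:
        key = self._device_keys.get(user)
        if key is None:
            return set()
        expected = _approval_mac(key, approval.flags, hashlib.sha256(tx).digest())
        if not hmac.compare_digest(expected, approval.mac):
            return set()  # wrong device, forged flags or altered transaction: nothing proven
        proven = {POSSESSION}  # a valid MAC proves the registered device was used
        if approval.flags & FLAG_UV:
            proven.add(INHERENCE)  # the device attests a successful biometric match
        return proven

    def accept_payment(self, user: str, tx: bytes, approval: Approval) -> bool:
        return sca_satisfied(self.factors_proven(user, tx, approval))


def demo() -> Dict[str, bool]:
    """Run the four cases a reviewer would want to see. All inputs are constructed."""
    key = secrets.token_bytes(32)
    template = b"constructed-fingerprint-template"
    phone = Phone(key, template)
    bank = Bank()
    bank.enroll("alice", key)
    tx = b"payee=ACME-SHOP;amount=120.00;currency=EUR"

    ok = phone.approve(tx, template)
    no_bio = phone.approve(tx, None)
    # An attacker without the device key flips the UV bit on a possession-only approval.
    forged = Approval(no_bio.flags | FLAG_UV, no_bio.tx_hash, no_bio.mac)
    return {
        "fingerprint": bank.accept_payment("alice", tx, ok),
        "no_fingerprint": bank.accept_payment("alice", tx, no_bio),
        "tampered_amount": bank.accept_payment("alice", tx.replace(b"120.00", b"9120.00"), ok),
        "forged_uv_flag": bank.accept_payment("alice", tx, forged),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The point a practitioner should take from the example is that a valid signature from the device proves only possession; the inherence factor is attested solely by the "user verified" flag, so the server must check that flag explicitly, and the flag must be covered by the signature, otherwise anyone holding the phone can claim the biometric step. In a real deployment the shared HMAC key would be replaced by an asymmetric key held in the phone's secure hardware (as in FIDO2/WebAuthn), so that the bank stores only a public key.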

Protectumus offers Multi Step Authentication and Two Factor Authentication (2FA) for all registered users. You can check the Protectumus cyber security features here:
