PSD2 & Strong Customer Authentication Solutions

PSD2 doesn’t have to be another regulatory tick box. Banks should take the opportunity to improve their customers’ experience & most importantly - trust. Our Intelligence Driven Authentication can do just that.

Teenager authenticating bank transaction - PSD2 use case

PSD2: Changing the game for banks

The intent behind PSD2 was to create an open banking regulation that would foster innovation and competition. Giving customers and businesses access to better deals and services, along with the promise of always-secure financial transactions.

SCA Authentication:

  • something you know (e.g. password)
  • something you have (e.g. device)
  • something you are (e.g. biometrics)

PSD2 requires banks to give account access to third parties and allow remote payment initiation. The catch being that transactions are exposed to new layers of risk – but PSD2 has an answer to that in Strong Customer Authentication (SCA). Any remote account access or payments must be authenticated by at least two of SCA’s three authentication factors.

The only exemptions to SCA are for whitelisted merchants, subscription payments, secure corporate payments, and low-risk or low-value transactions.

We can help

PSD2 and Strong Customer Authentication: The challenges

There’s no sugar-coating it – PSD2 compliance can be challenging for banks.

Strong customer authentication means banks are increasingly responsible for digital customer identities. But implementing SCA in line with PSD2 is not a walk in the park. It gives rise to a number of challenges, especially for financial institutions that have been around for a long time.

It increases security risks

As two authentication factors are required under SCA, the number of attack vectors is naturally increased. What’s more, as people get used to being prompted for credentials, the potential for a new set of phishing attacks is created. So, upholding security is difficult.

It adds friction to user journeys

As PSD2 opens things up with APIs, SCA can actually lead to people facing more complicated authentication processes, more frequently, in more scenarios, if businesses don’t have the right policies in place. Consumers might be getting better deals and safer transactions, but the process is at risk of feeling clunky.

It needs to integrate with current systems

SCA must be applied to existing (and potentially disparate) channels, which poses an integration challenge. On non-adaptive current systems, this could even lead to duplicated authentication steps. Poor integration can lead to friction, non-compliance, or even abandoned transactions.

It needs to work across multiple channels

If SCA is not implemented correctly, it can end up being required every time a user makes a transaction. Which can be very onerous, especially when it comes to building strong customer relationships. To improve user experience and win trust, banks should focus on SCA’s exemptions.

It must also be GDPR-compliant

Let’s not forget about GDPR – which, just as PSD2 is facilitating an open banking movement, is raising the game for data privacy and protection. This means SCA must be GDPR-compliant too, because significant penalties could be dished out if personal data is breached.

How Callsign solves the PSD2 challenge

PSD2 means that banks are tasked with verifying that someone is who they say they are in more scenarios than ever. Which is why Callsign is the ideal solution for solving the omni-channel authentication challenge that PSD2 presents.

At the heart of Callsign technology is a unified understanding of digital identity. Our solution will adapt to new threats and new technologies as they happen. Letting customers get on with whatever it is that they’re doing – and, above all, keeping financial transactions secure and seamless.

Fraud Prevention


Callsign’s dynamic, intelligent, real-time authentication journeys stop cyber criminals in their tracks. Improving identification security for banks and ensuring no false positives.

Friction-Free Authentication


Our powerful Policy Engine adapts in real time to ensure appropriate authentication every time – and removes friction as it goes. Delivering the seamless (yet secure) user journeys expected these days.

Exemptions Can Improve Customer Experience


PSD2 guidelines include SCA exemptions that, if applied properly, can reduce authentication steps for customers. Callsign’s Policy Engine & Manager allows you to do exactly that.

Legacy Integration


By decoupling secure authentication from business functionality, Callsign can integrate easily with legacy services and deliver adaptability regardless of environment.

Future-Proof Solution


PSD2 is a moving target – and as new regulations and technologies come into play, the Callsign solution has the agility to support a truly long-term authentication strategy.

Find Out About our Packages