Strong Customer Authentication (SCA)

When logging into your WeSwap account, you might have been asked to verify your phone number or email address, set up a keycode (sometimes known as a passcode) or, if your phone allows it, a biometric (this is touch-ID or face-ID).

If you’ve already done this, you may notice you now need to enter your keycode or use your biometric every time you open the app.

You may be wondering why you have to do any of this at all. Well, it’s all because of PSD2 (or, to use its full name, the Revised Payment Service Directive) and Strong Customer Authentication (SCA).

These FAQs will explain what that is, what that means and how it affects you.

What is PSD2?

To help protect consumers and enhance online security, in 2019 the European Union introduced a new series of checks and requirements for all online banking services. This is called PSD2 and one of  its main focuses is encouraging Strong Customer Authentication (also SCA).

What is SCA?

One of the major implications of PSD2 is the focus on improving security in online payments by emphasising Strong Customer Authentication (SCA). An important element of SCA is two-factor authentication (2FA). You’re probably already aware of this even if you don’t know it by that name. It’s for those situations where inputting the username and password by themselves aren’t considered secure enough, so you need to add an extra layer of security. 

Obvious examples of this are additional questions that only you would know, like “what’s my mother’s maiden name?” and many financial institutions already have an SCA solution in place to secure online and mobile banking access, often with a one-time passcode through SMS text messaging or email. New approaches to two-factor authentication are emerging e.g., biometric recognition or fingerprint activation.

What are the new SCA requirements?

SCA now requires banks and financial institutions to put in place multi-factor authentication for all proximity and remote transactions performed on any channel. 

For WeSwappers, this means setting up two independent sources of validation to use when you access your WeSwap account. This is done by selecting a combination of two out of these three categories:

  • Something you know (e.g. passcode, password)
  • Something you have (e.g. OTP, phone)
  • Something you are (e.g. fingerprint, facial recognition)

What does this mean for WeSwappers?

You will need to have activated two-factor authentication (2FA) or you’ll be unable to log in to your WeSwap Online account.

.How do I set 2FA up?

2FA is already available to set up.

Just go to your app or dashboard and verify your email address and mobile phone number and/or set up a keycode. 

To complete the verification of your account, next time you log into the app (if you haven’t already, make sure you download it) on your phone you’ll need to set up a keycode (sometimes known as a passcode) and, if your phone allows it, face-ID or touch-ID.

 If you are interested in reading the original SCA requirements, they are set out in the Regulatory Technical Standards (RTS) here.




Submit a Request

If you can't find the answer you are looking for please submit a request to our customer support team.