Payment Service Directive (PSD2)

Strong Customer Authentication (SCA) means that an authentication is made based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).

For SCA authentication elements are categorised:

• Something the customer knows: e.g., password or PIN
• Something the customer has: e.g., phone or hardware token
• Something the customer is: e.g., fingerprint or face recognition

Authentication methods compliant with SCA provided by Swedbank:

• Smart-ID: your smart device combined with your pin code
• Mobile ID: SIM card in your smart device combined with your pin code
• PIN Generator: your PIN device combined with your pin code
• National ID: your eID card combined with your pin code
• Payment card: your payment card combined with your pin code
• Biometrics via Swedbank app: your smart device combined with your biometric data

Payments in store:

Payments in store will be processed as usual either by confirming the payment with the PIN code or using contactless card, smart watch or other device.

Online payments:

Along with implementation of RTS, stronger authentication means will be used for online shopping. It indicates that merchants will be verifying identity of cardholder by requesting SCA. This would require merchants to ensure technical solution called 3D-Secure – identity confirmation method in web environment already used by e-commerce merchants today.

It is important to note, that more and more online shops will ask to authenticate payment strongly, that means to reapprove it with authentication measures: Smart -ID, Mobile ID, National ID, or PIN generator.