The Authenticator App handles “Dynamic Linking” and meets all the Strong Customer Authentication (SCA) requirements
Get Started
The Regulatory Technical Standards (RTS) on SCA implies that the end-customer’s identity must be verified by two or more authentication methods: Knowledge, Possession and Inherence. Each element must be independent, so that the breach of one element will not compromise the others.
Electronic remote transactions (such as payments made via mobile devices or online) are subject to an additional authorization layer to SCA — “Dynamic Linking”, which in fact requires ASPSP (e.g. banks) to add a specific Authorization Method for each remote transaction. Such authorization should include an Auth Code, which is generated based on payment amount and payee information. The Auth Codes must be provided to the end-customer via a different environment than the one through which the end-customer has initiating the payment. In essence, it means that the Authorization cannot be performed on the internet/mobile banking with payment initiation (PISP app) support otherwise, the Payment and the Authorization process would be combined in a single environment, which is prohibited by PSD2.
NOTE: Generic Tokens, SMS, and non-encrypted push notifications cannot be used for Auth Code delivery as they might be read by the third parties involved in the message delivery. The RTS requires that “Dynamic Linking” information must be transmitted securely without any possibility for a third party to read or have access to this data.
Grant access to payment accounts for Third Party Providers (PISP/AISP). The authorization process is used as a second confirmation of the end-customer, besides the banking credentials.
The bank generates the Auth Codes, while the Authenticator App offers the end-customer the possibility to allow or deny the action.
Receive and sign legally binding electronic documents from a mobile device. The Authenticator is used for digitally signing the received documents using private keys stored on the mobile device.
Get more in-depth details on how Salt Edge can help your bank become compliant with all the SCA requirements.
Get StartedThe only thing that Salt Edge stores on the end-customer’s device itself is the Private Key, that was designated special for this end-customer and for that particular device. The Authorization session of any action expires in just a couple of minutes. Therefore, the maximum that an attacker could do is only accept or decline an existing payment.
The Authenticator is a white-label application which can be easily added as a separate app or as a module to an existing banking app. It can be used by any financial institution interested in being compliant with the SCA requirements. The Authenticator can be purchased separately or as part of the PSD2 Compliance Solution for banks. If ordered as a separate module, the Authenticator's implementation takes on average 4 to 6 weeks.
Request a DemoGet a first-hand experience with our global leading software to see the full range of possibilities that are unlocked for you and your company