Salt Edge Authenticator Open Source

Strong Customer Authentication Solution with Support of Dynamic Linking (PSD2)

Strong Customer Authentication

What is Strong Customer Authentication?

The Regulatory Technical Standards (RTS) on SCA implies that the end-customer’s identity must be verified by two or more authentication methods: Knowledge, Possession and Inherence. Each element must be independent, so that the breach of one element will not compromise the others.

Electronic remote transactions (such as payments made via mobile devices or online) are subject to an additional authorization layer to SCA — “Dynamic Linking”, which in fact requires ASPSP (e.g. banks) to add a specific Authorization Method for each remote transaction. Such authorization should include an Auth Code, which is generated based on payment amount and payee information. The Auth Codes must be provided to the end-customer via a different environment than the one through which the end-customer has initiating the payment. In essence, it means that the Authorization cannot be performed on the internet/mobile banking with payment initiation (PISP app) support otherwise, the Payment and the Authorization process would be combined in a single environment, which is prohibited by PSD2.

Strong Customer Authentication

NOTE: Generic Tokens, SMS, and non-encrypted push notifications cannot be used for Auth Code delivery as they might be read by the third parties involved in the message delivery. The RTS requires that “Dynamic Linking” information must be transmitted securely without any possibility for a third party to read or have access to this data.

Main Features

Linking of TPPs

Grant access to payment accounts for Third Party Providers (PISP/AISP). The authorization process is used as a second confirmation of the end-customer, besides the banking credentials.

Action Authorization

The bank generates the Auth Codes, while the Authenticator App offers the end-customer the possibility to allow or deny the action.

Get the SCA and Dynamic Linking Compliance Solution

Get more in-depth details on how Salt Edge can help your bank become compliant with all the SCA requirements.

Request a Demo

Implementation

implementation

The Authenticator is a white-label application which can be easily added as a separate app or as a module to an existing banking app. It can be used by any financial institution interested in being compliant with the SCA requirements. The Authenticator can be purchased separately or as part of the PSD2 Compliance Solution for banks. If ordered as a separate module, the Authenticator's implementation takes on average 4 to 6 weeks.

Request a Demo

Get Presentation!

Strong Customer Authentication Solution for PSD2

Download

Pricing

Open Source

  • Self-built application
  • No workshop
  • No localization
Get on GitHub

Basic

  • Standard application
  • 100,000 push notifications
  • SaaS model
  • No workshop
  • No localization
Contact Sales

Enterprise

  • Custom application
  • Unlimited push-notifications
  • On-premise model
  • Workshop
  • Localization
Contact Sales

Request a Demo

Get a first-hand experience with our global leading software to see the full range of possibilities that are unlocked for you and your company

Please complete this mandatory field
Please complete this mandatory field
Invalid email.
Please select an option from the dropdown
Please complete this mandatory field
Please select an option from the dropdown
Please complete this mandatory field

Which product are you interested in?