In the banking world there are already enough crazy abbreviations that nobody understands. Since September 2019, however, two more have come into force, which we would like to explain to you: PSD2 and SCA.
PSD2 stands for Payment Service Directive 2 and much of it has actually already been implemented without you noticing. The directive has been in force since January 2018 and comes from the EU. Above all, it is intended to provide more security and competition and is therefore entirely in your interest. Since 13.09.2019 there are some new features that you will notice when using your banking app.
One of them relates to standardized interfaces for third-party providers. This means that they can access your bank data if you want to use these services. For those who can't imagine what it means: These interfaces mean so-called bank APIs, which can be used by Fintechs, for example, who offer digital banking services with their own apps. Only if you agree to this, of course.
Another innovation relates to the login. In order to meet the requirements of PSD2, this must be done since mid-September by means of a so-called "strong customer authentication" or SCA (Strong Customer Authentication). For us, this means that we have to request another security element in addition to the password. This must be done in two stages: With the so-called 2-factor authentication, which you probably already know, for example if you log in somewhere with a new device and are asked again whether it really is you. These two factors must not come from the same category (examples for the categories: Knowledge PIN, Owned Smartphone, Inheritance Biometric), but must be composed of different areas. This means that when you log in, you will not only be asked for your password, but also for a dynamic part (such as an SMS Tan).