Since September 2019, PSD2 and SCA were implemented to the banking world. Here we explain it a little bit more in detail to you:
PSD2 stands for Payment Service Directive 2 and much of it has actually already been implemented without you noticing. The directive has been in force since January 2018 and comes from the EU. Above all, it is intended to provide more security and competition and is therefore entirely in your interest. Since 13.09.2019 there are some new features that you will notice when using your banking app.
One of them relates to standardized interfaces for third-party providers. This means that these providers can access your bank data if you want to use their services. In case you can't imagine what that means: These interfaces are so-called bank APIs, which can be used by Fintechs, for example, to offer digital banking services with their own apps. Only if you agree to it, of course.
Another innovation relates to the login. In order to meet the requirements of PSD2, since mid-September 2019 this must be done by means of a so-called "strong customer authentication" or SCA (Strong Customer Authentication). For us, this means that we have to request another security element in addition to the password. This has to be done with the so-called 2-factor authentication, which you probably already know from when you log in somewhere with a new device and are asked again whether it really is you. These two factors must not come from the same category (examples for the categories: Knowledge PIN, Owned Smartphone, Inheritance Biometric), but must be composed of different areas. This means that when you log in, you will not only be asked for your password, but also for a dynamic part (such as the binding to your device).