A Reliable Solution for Strong Customer Authentication

PSD2 Compliance Made Easy

European banks will be required to follow SCA under PSD2

What is PSD2 and why must banks comply?

PSD2 is the second iteration of the ‘Payment Services Directive’ (PSD), a European Union (EU) directive first introduced in 2007 to regulate payment services and payment service providers (PSPs). PSD allowed for better pan-European competition and participation in the payments industry while threatening to break-up the banking industry’s monopoly on facilitating secure online payments. Many are concerned about the implications of adapting to SCA under PSD2 but they need not be.

GPayments, a well-known 3D Secure vendor for over 15 years, is introducing a new version of ActiveAccess, its innovative authentication platform, which supports 3D Secure, 3D Secure 2, and SCA, using its multi-factor authentication module.

psd2 image
PSD2 timeline

What is Strong Customer Authentication (SCA)?

Strong customer authentication (SCA) is defined as “an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). These must be independent from one another, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.”

With the general shift towards online services, there is a greater need to authenticate the identity of users during transactions and banking activities, in order to:

Reduce the cost of processing fraudulent transactions
Reduce the potential for online fraud
Comply with international regulations such as PCI-DSS and of course PSD2
Increase cardholder confidence in using online services
Something the 
user “KNOWS”
Something the User "Knows"
Something the 
user “HAS”
Something the 
user “IS”

What is dynamic linking?

When a payment is initiated, an authentication token is generated to dynamically connect the payment amount and the payee to the transaction.

In the event of changes to either the payment amount or the payee details, the authentication token becomes invalid, resulting in a failed transaction, and necessitating the generation of a new token before the transaction can be attempted again. This incorporation of dynamically linked components into SCA introduces an extra level of authentication beyond the previously mandated guidelines.

3D Secure 2 & PSD2, together can ensure safe and secure online transactions

The development of PSD2 (the second Payment Services Directive by the European Union) has seen some strong overlap with certain functions of the new 3D Secure 2 protocol, especially when it comes to SCA (Strong Customer Authentication), including TFA (Two Factor Authentication) and OTP’s (One Time Passwords).

3DS2 adapts to SCA using MFA (multi-factor authentication) which includes OTPs, biometric authentication such as fingerprints or facial recognition, and QR codes than can be scanned by mobile applications.

3DS2 adapts to SCA using MFA (multi-factor authentication) which includes OTPs, biometric authentication such as fingerprints or facial recognition, and QR codes than can be scanned by mobile applications.

The good news for merchants and issuers is that 3DS 2 fully aligned with the principles established in PSD2 and can provide the following benefits to Merchants, Issuers, and consumers.

Learn More about 3D Secure 2

Merchants will be able to offer a consistent, easy-to-use service across multiple payment gateway platforms and digital media during transaction authentication; this will help combat the 3D Secure issue of high cart abandonment rates.


Issuers can improve ‘frictionless authentication’ by way of richer data exchanges. Additionally, cardholders will be able to choose their preferred medium for making purchases – thanks to multi-factor authentication functionality – without compromising on security.


Consumers want a convenient and secure service when carrying out eCommerce payments; 3D Secure 2, along with the corresponding 3DS Server and ACS technology, will provide these benefits, adding efficiency with little to no impact on applications and payment gateways that customers are already familiar with.

How can GPayments help you comply with PSD2/SCA?

GPayments’ authentication suite consists of ActiveAccess is an EMVCo compliant Access Control Server which offers a multi-factor authentication service for internet banking, mobile banking, and eCommerce transactions, with or without card schemes’ directory servers. This provides banks with a flexible, cost-effective solution for their eBanking customers.

GPayments’ ActiveAccess Multi-Factor Authentication module provides the required services outlined under ‘Strong Customer Authentication’ in the PSD2 guidelines. This authentication service allows banks and financial institutions to provide their end-users with a secure mechanism for accessing their internet and mobile banking portals. Supporting a range of devices, ActiveAccess provides organisations with flexibility now and in the future, allowing the deployment of one or many devices simultaneously, from any vendor, by providing an authentication layer, which hides the device-specific intricacies of the authentication process.

Cost-Effective 3D Secure 2 illustration

ActiveAccess will support each of the following requirements, which need to be met during a dynamically linked transaction:

The payer must be aware of both the transaction amount and the payee at all times

Authentication tokens must be specific to the amount of the transaction and to the payee

The underlying technology must ensure the confidentiality, authenticity, and integrity of:

  • The amount of the transaction and of the payee
  • The information displayed to the payer through all phases of the authentication procedure

The authentication tokens must change if any changes are made to the amount of the transaction and/or the payee

The channel, device or mobile application, through which the information linking the transaction to a specific amount and payee is displayed, must be independent or segregated from the channel, device or mobile application used for initiating the electronic payment transaction

See Our ACS Product
Want to know how we can help you meet PSD2?
Thank you! Your submission has been received!
Thank you! Your support inquiry has been received!
Oops! Something went wrong while submitting the form.
For general queries, please email sales@gpayments.com
gpayments logo
Copyright © 2021  GPayments Pty Ltd. All rights reserved.
Privacy Policy / Cookies 
/ Company Policy