Strong customer authentication

Strong Customer Authentication (SCA) is a security requirement introduced under the EU's PSD2 regulation (Payment Services Directive 2). The goal of SCA is to enhance security and reduce the risk of fraud in electronic payments and other sensitive transactions. SCA requires the authentication of a user through at least two of the following three security factors:
- Something the user knows (e.g., a password or PIN)
- Something the user has (e.g., a phone or card)
- Something the user is (e.g., biometric data like fingerprints or facial recognition)
This multi-factor authentication ensures that only the authorized cardholder can perform specific actions or transactions.
When is SCA required?
SCA is necessary for the following scenarios involving sensitive information or high-risk actions:
- Viewing card information: When the cardholder wants to see detailed card information, such as the full card number or the security code (CVV), SCA is required to ensure that only the authorized person has access to this information.
- Viewing PIN: To view a card's PIN, SCA is mandatory to prevent unauthorized access or changes to the PIN.
- Digital wallets (Apple Pay and Google Pay): When adding a card to a digital wallet or using tokenized card information in these services, SCA is required to confirm that the correct person is adding or using the card in the wallet.
- In-app provisioning: When adding a card directly to an app for use in digital wallets or other digital services, SCA is required to authorize and secure the process.
- 3D Secure (3DS): For online purchases using 3D Secure, which provides an additional security layer to verify the cardholder's identity, SCA is required to validate and approve the transaction.
Examples of when SCA is not required
There are certain actions where SCA is not needed, as they do not involve sensitive information or pose significant security risks:
- Viewing card transactions: Cardholders can view their transaction history without needing to undergo an SCA process.
- Adding a receipt to a transaction: If a user wants to attach a receipt or other information to a transaction, SCA is not required.
- Ordering a new card: When a user requests a new card, SCA is not needed, since the ordering process itself does not immediately involve sensitive data.
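The two-of-three rule and the required/not-required lists above can be expressed as a server-side gate. The sketch below is an added example, not Mynt's code or API: the factor names, action names and the "step_up" result are hypothetical, and treating unlisted actions as SCA-required is an assumption made here.

```python
from enum import Enum

class Category(Enum):
    KNOWLEDGE = "something the user knows"
    POSSESSION = "something the user has"
    INHERENCE = "something the user is"

# Hypothetical factor names, mapped to the three categories listed on this page.
FACTOR_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "phone": Category.POSSESSION,
    "card": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
    "face": Category.INHERENCE,
}

# Hypothetical action names for the scenarios in the two lists above.
SCA_REQUIRED = {"view_card_details", "view_pin", "add_to_wallet",
                "in_app_provisioning", "3ds_purchase"}
SCA_NOT_REQUIRED = {"view_transactions", "add_receipt", "order_card"}

def sca_satisfied(verified_factors):
    """True when the verified factors span at least two distinct categories.

    Two factors from the same category (password + PIN) count once, and
    factor names that are not recognised are ignored rather than trusted.
    """
    categories = {FACTOR_CATEGORY[f] for f in verified_factors
                  if f in FACTOR_CATEGORY}
    return len(categories) >= 2

def decide(action, verified_factors):
    """Return "allow" or "step_up" for an action in the current session."""
    if action in SCA_NOT_REQUIRED:
        return "allow"
    # Assumption: actions on neither list are handled like SCA-required ones,
    # so a newly added endpoint is never exposed without SCA by omission.
    return "allow" if sca_satisfied(verified_factors) else "step_up"

if __name__ == "__main__":
    print(decide("view_pin", ["password", "pin"]))   # same category twice
    print(decide("view_pin", ["phone", "face"]))     # two categories
    print(decide("view_transactions", []))           # not on the SCA list
```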
Mynt’s white-label app for card management
To help partners go to market faster, Mynt offers a fully integrated white-label app for card management, which includes full SCA functionality. This white-label solution allows partners to quickly launch their card programs while relying on Mynt's infrastructure to manage key features like SCA and 3DS authentication. Partners can choose to use the app either as a permanent solution or as an interim step, allowing them to later develop their own card management and authentication capabilities in-house. This flexibility enables partners to meet regulatory requirements while focusing on other aspects of their product development.

Why is SCA important?
SCA is a crucial element in safeguarding both cardholders and businesses from fraud. By implementing multi-factor authentication, the risk of unauthorized access or misuse of sensitive information is minimized. It also ensures that partners integrating with Mynt’s platform can comply with regulatory requirements and provide a secure and trusted service to their customers.