Strong Customer Authentication & 2FA
Strong Customer Authentication (SCA) is a European regulatory requirement, introduced as part of the second Payment Services Directive (PSD2), for authenticating online payments and making them more secure.
Some actions, such as funding a transfer from your multi-currency account or retrieving a statement, require SCA in the UK and EEA. SCA adds an extra layer of authentication by asking for two of the following three elements: something the customer knows, something the customer has, and something the customer is.
When you make a request to an SCA-protected endpoint, your request will always fail with status 403 (Forbidden). The first step is to identify the kind of payment flow you are building so you can select an appropriate integration path:
- If you are building a Customer Accounts solution, then you may want to use our self-service Embedded authorization flow or speak with our support team about more integrated options.
- If you are building a Partner Account solution, then please contact our sales team before proceeding.
- If you are an Open Banking partner, then please refer to our Open Banking guide.
If in doubt, please contact our support team, who can advise on the most appropriate solution for your use case.