Chat with us, powered by LiveChat
Products Hub
Simplifying the Global Complexity of Communication

Create experiences customers value to securely engage, convert, support and retain them.

See all products
Customer Engagement
Communication Channels
Platform and Connectivity
Create Memorable Customer Experiences

Solutions refined over 12 years and 40,000 customers, blending customer experience, technology and data.

Find out more
Maximize your revenue with Infobip

We are a trusted partner in expanding business messaging, bringing new revenue and building enterprise relationships with top-notch customer experience.

Find out more
Telecom solutions
Get better by example and experience

Real-world Insights, events and case studies to learn and adapt to your needs.

How to be PSD2 Compliant with Two-Factor Authentication

How to be PSD2 Compliant with Two-Factor Authentication

In our two-part blog series we answer the questions: what is PSD2, and how you can provide strong customer authentication for you to be PSD2 compliant

What is PSD2, again? 

Our first blog in the series helped answer the questions “What is PSD2 and What Does it Mean for You?” In 2015 the European Parliament adopted a proposal from the European Commission to replace the Payment Services Directive (PSD). The goal of the new directive is to provide improved consumer protection for online and mobile payments. 

Security in PSD2 is governed by Secure Customer Authentication (SCA) rules, which dictate that banks are required to use strong multi-factor customer authentication for electronic transactions. Secure, two-factor authentication (2FA) meets this requirement. 

What is Two-Factor Authentication (2FA)? 

Two-factor authentication is an additional security layer that protects a bank client’s sensitive data, while also preventing fraud.  


Here’s an everyday example of how 2FA helps keep accounts secure: Someone steals the login details to your Gmail account and attempts to log in. However, since they’re trying to access your account from a new device, this is identified as a potential risk.  

To prevent your account from being hijacked, Gmail sends a push notification to your registered phone number to ask if you want to authorize the login attempt from a new device. You can stop this attempt by simply pressing NO. This is how 2FA keeps accounts secure in the event of stolen data – whether it’s login credentials or credit card details.  


“How can I use 2FA to keep clients protected?” 

Infobip enables 2FA with PIN delivery or transaction approval queries over the channels your customers prefer – push messaging through your app, WhatsApp, SMS or Voice. 

Push messages offer the best user experience. They work by giving users the option to simply press YES to authorize transactions, or to copy/paste a PIN delivered over the same channel. 

If your company doesn’t have an app, WhatsApp can be used to deliver PINs to customers. Your customers may also not have internet access, or even own a smartphone – if this is the case, then SMS or Voice can be used to securely authenticate customers. 

The best way to know which channels your customers prefer is to let them choose in their preferences. By using our omnichannel platform, we give you the ability to offer your customers all the channels mentioned for secure authorization. 

“How Do I Integrate 2FA Channels?” 

Infobip offers two ways of providing 2FA: 

  1. Generate One-Time PINs (OTPs) to deliver them to your customers’ devices 
  2. Use our channels to deliver OTPs generated by your system

Both options give you the ability to quickly provide strong customer authentication that is PSD2 compliant and keep customer accounts secure. 

How is Infobip PSD2 Compliant? 


Our 2FA offers placeholders, which can be used to comply with PSD2 authentication requirements by inserting names into messages that deliver OTPs or to confirm transactions. 

Find out how to get your business ready for PSD2 with our free white paper.