How to be PSD2 Compliant with Two-Factor Authentication

Timothy Allen

What is PSD2 two-factor authentication? 

PSD2 replaced Europe’s Payment Services Directive (PSD) to provide improved customer protection for online and mobile payments. Banks must use secure, PSD2 two-factor authentication as part of the Strong Customer Authentication (SCA) requirements for electronic transactions. But what exactly is it?

Two-factor authentication is an additional security layer that protects a bank client’s sensitive data, while also preventing fraud.  

Here’s an everyday example of how 2FA helps keep accounts secure: someone steals the login details to your Gmail account and attempts to log in. However, since they’re trying to access your account from a new device, this is identified as a potential risk.  

To prevent your account from being hijacked, Gmail sends a push notification to your registered phone number to ask if you want to authorize the login attempt from a new device. You can stop this attempt by simply pressing NO. This is how 2FA keeps accounts secure in the event of stolen data – whether it’s login credentials or credit card details.

How to use PSD2 two-factor authentication to protect clients 

Infobip enables 2FA with PIN delivery or transaction approval queries over the channels your customers prefer – push messaging through your app, WhatsApp, SMS, or Voice. 

Push messages offer the best user experience. They work by giving users the option to simply press YES to authorize transactions, or to copy/paste a PIN delivered over the same channel.

If your company doesn’t have an app, WhatsApp can be used to deliver PINs to customers. Your customers may also not have internet access, or even own a smartphone – if this is the case, then SMS or Voice can be used to securely authenticate customers.

The best way to know which channels your customers prefer is to let them choose in their preferences. By using our omnichannel platform, we give you the ability to offer your customers all the channels mentioned for secure authorization.

How to integrate 2FA channels

Infobip offers two ways of providing PSD2 two-factor authentication: 

  1. Generate One-Time PINs (OTPs) to deliver them to your customers’ devices 
  2. Use our channels to deliver OTPs generated by your system

Both options give you the ability to quickly provide strong customer authentication that is PSD2 compliant and keep customer accounts secure.

How is Infobip PSD2 Compliant?

Our 2FA messages support placeholders, which can be used to comply with PSD2 authentication requirements by inserting names into the messages that deliver OTPs or confirm transactions.
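For the second integration option, where your own system generates the OTP, and for the placeholder messages described above, the server-side logic can look like the sketch below. It is an added example, not Infobip's code or API. The template text, the `{name}` and `{payee}` placeholders, the 5-minute lifetime, the 3-attempt limit and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed limit on wrong guesses per OTP
# Constructed template; {name} and {payee} are hypothetical placeholder names.
TEMPLATE = "{name}, your PIN to confirm the payment to {payee} is {pin}."
# Per-process key so stored digests cannot be brute-forced from the store alone
# (assumption: a real deployment loads this from a secret store).
SERVER_KEY = secrets.token_bytes(32)
_pending = {}           # challenge_id -> record; in-memory stand-in for a real store


def _digest(challenge_id, pin):
    return hmac.new(SERVER_KEY, f"{challenge_id}:{pin}".encode(), hashlib.sha256).digest()


def issue_otp(name, payee, now=None):
    """Create a 6-digit OTP and the message text to hand to the delivery channel."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)
    pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
    _pending[challenge_id] = {
        "digest": _digest(challenge_id, pin),  # the PIN itself is never stored
        "expires": now + OTP_TTL_SECONDS,
        "attempts": 0,
    }
    return challenge_id, pin, TEMPLATE.format(name=name, payee=payee, pin=pin)


def verify_otp(challenge_id, submitted, now=None):
    """Return True once for the right PIN; expire, rate-limit and burn otherwise."""
    now = time.time() if now is None else now
    rec = _pending.get(challenge_id)
    if rec is None:
        return False
    if now > rec["expires"]:
        del _pending[challenge_id]
        return False
    rec["attempts"] += 1
    ok = hmac.compare_digest(rec["digest"], _digest(challenge_id, submitted))
    if ok or rec["attempts"] >= MAX_ATTEMPTS:
        del _pending[challenge_id]             # single use, or locked out
    return ok
```

Only the rendered message text leaves your system for delivery; the challenge ID stays with the session that requested the transaction.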

Learn more about how to get your business PSD2 compliant with our free whitepaper on PSD2 two-factor authentication.

Aug 7th, 2019