Introduction
The Salt Edge Authenticator app aims to fulfill the requirements imposed by the Second Payment Service Directive (PSD2) within the European Union with regard to Strong Customer Authentication (SCA).
The SCA requirements demand that every customer action performed via any remote channel (mobile/web banking, TPP app, etc.) be accompanied by Strong Customer Authentication.
Strong Customer Authentication means that 2 out of 3 unique elements, categorized as Knowledge, Possession, and Inherence, must be satisfied during the SCA process. In other words, SCA has to include a combination of 2 elements, for example a smartphone (possession), a password/PIN (knowledge) and/or a fingerprint (inherence). If one element is breached, the others will not allow a fraudulent action to be processed.
Salt Edge Authenticator combines all three elements in the application. The personal device (smartphone or tablet) is the possession element: it stores the Private Key used to decrypt incoming messages and to create signatures. To open the app, the customer needs one of the other two elements, either fingerprint/Face ID or PIN (password). With a combination of these, Salt Edge believes that the Authenticator app is the most secure SCA solution on the market. Customers are protected from any security breach and get a great user experience.
The Salt Edge SCA solution presumes the following components in the SCA flow: Authentication Service, Identity Service, Push Service, and Authenticator app. The implementation requires developing an auxiliary component for the Identity Service: an add-on. Salt Edge provides an example of the Identity Service add-on in the current repository, so it’s incredibly easy to implement it inside the Service Provider infrastructure.