All payments initiated by the customer must systematically be subject to a strong authentication request (Strong Customer Authentication, SCA), unless exempted in the RTS. The SCA relies on three elements inherent to the buyer, validated by the EBA (European Banking Authority), to be combined to ensure their authentication: Something only the buyer knows (password), something only the buyer possesses (smartphone), something the buyer is (biometrics).
