What Inherence elements are compliant with Strong Customer Authentication (SCA) requirements?

The following summarises the European Banking Authority (<a href="/glossarycollection/european-banking-authority" style="color:#48277C;" target="_blank" title="European Banking Authority"><u>EBA</u></a>) view on what does and does not constitute an inherence element under the Regulatory Technical Standards (<a href="/glossarycollection/regulatory-technical-standards" style="color:#48277C;" target="_blank" title="Regulatory Technical Standards"><u>RTS</u></a>) on Strong Customer Authentication* (<a href="/glossarycollection/strong-customer-authentication" style="color:#48277C;" target="_blank" title="Strong Customer Authentication"><u>SCA</u></a>):<br/><br/>

Fingerprint Scanning;<br/><br/>

Voice Recognition;<br/><br/>

Vein Recognition;<br/><br/>

Hand & Face Geometry; Retina & Iris Scanning;<br/><br/>

Keystroke Dynamics;<br/><br/>

Heart rate or other body movement pattern identifying that the Payment Service User (<a href="/glossarycollection/payment-service-user" style="color:#48277C;" target="_blank" title="Payment Service User"><u>PSU</u></a>) is verified (e.g. for wearable devices);<br/><br/>

The angle at which the device is held.<br/><br/>

The following do not constitute inherence elements:<br/><br/>

information transmitted using a communication protocol, such as EMV® 3-D Secure;<br/><br/>

and,<br/><br/>

Memorised Swiping Paths.<br/><br/>

*Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements.

Previous