What Inherence elements are compliant with Strong Customer Authentication (SCA) requirements?
The following summarises the European Banking Authority (<a href="/glossarycollection/european-banking-authority" style="color:#48277C;" target="_blank" title="European Banking Authority"><u>EBA</u></a>) view on what does and does not constitute an inherence element under the Regulatory Technical Standards (<a href="/glossarycollection/regulatory-technical-standards" style="color:#48277C;" target="_blank" title="Regulatory Technical Standards"><u>RTS</u></a>) on Strong Customer Authentication* (<a href="/glossarycollection/strong-customer-authentication" style="color:#48277C;" target="_blank" title="Strong Customer Authentication"><u>SCA</u></a>):<br/><br/>
Fingerprint Scanning;<br/><br/>
Voice Recognition;<br/><br/>
Vein Recognition;<br/><br/>
Hand & Face Geometry; Retina & Iris Scanning;<br/><br/>
Keystroke Dynamics;<br/><br/>
Heart rate or other body movement pattern identifying that the Payment Service User (<a href="/glossarycollection/payment-service-user" style="color:#48277C;" target="_blank" title="Payment Service User"><u>PSU</u></a>) is verified (e.g. for wearable devices);<br/><br/>
The angle at which the device is held.<br/><br/>
The following do not constitute inherence elements:<br/><br/>
information transmitted using a communication protocol, such as EMV® 3-D Secure;<br/><br/>
and,<br/><br/>
Memorised Swiping Paths.<br/><br/>
*Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements.