Two-factor identification / Strong identification / Strong client authentication / SCA / Strong customer authentication

Two-factor identification is a mandatory practice for banks. It lets a financial institution be sure that the order for a transaction really comes from the given customer. The customer is identified in several, usually two, ways at the same time, so if one of the identification methods falls into the hands of others, they still cannot perform an operation on behalf of the customer.

  • + It gives security.

  • - Even the best multi-factor authentication solutions come with some inconvenience.
  • - Not all solutions are as multifactorial as they seem.

The essence of multi-factor identification is that, before executing any remote order, the bank verifies in several ways that it is indeed executing the order of the customer who has control over the given account. Since the entry into force of the European Union's second payment directive, this has been mandatory for banks and for fintech companies that also generate account transactions.

Banks can basically ask the customer for three kinds of things to identify themselves:

  • something that only the given customer can know (such as the PIN code),
  • something that only the given customer owns (such as our telephone or telephone number) or
  • something that is a unique human characteristic of the customer, that is, a biometric identifier (such as a fingerprint).

The identification is multi-factor even if the bank uses two of one type. However, online banking access only appears to be multi-factor when the verification code arrives via SMS and is given to the bank by the initiator of the transaction. Even though both the unique knowledge (password) and the possession of the phone required for entry are present, this is still more of a multi-step process. A person who is not the real customer, but can perform the first step (logging in to the banking application on the phone), will be able to perform the second identification as well, i.e. entering the code received via SMS.

That is why banks strive to include several tools (channels) used by the customer in the identification process at the same time. One such solution is sending and scanning a QR code: the QR code arrives on our laptop, but we read it with our phone and then take the next steps. This solution assumes that it is relatively rare for our phone and laptop to fall into the hands of strangers at the same time.

However, the customer can also take steps for multi-factor authentication. For example, at several banks and other service providers we can request a security token for multi-factor identification. If we do this, we will receive single-use authentication codes, which are generated by an external service provider, are valid only for a certain time (30-60 seconds) and are used only to approve the given operation. According to our current knowledge, these are the safest solutions.
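The three properties of such codes named above (single use, a short lifetime, validity for one operation only) can be shown in a short sketch. This is an added example, not code from this page or from any bank; the HMAC-SHA256 construction with RFC 4226-style truncation, the 30-second step, and all names and sample values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # validity window; the text above cites 30-60 seconds


def operation_code(secret, payee, amount_cents, now, digits=6):
    """Derive a short code tied to one time step and one payment order."""
    step = int(now // STEP_SECONDS)
    message = struct.pack(">Q", step) + f"{payee}|{amount_cents}".encode()
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class CodeVerifier:
    """Bank-side check: right code, right order, right time, first use only."""

    def __init__(self, secret):
        self._secret = secret
        self._used = set()  # (step, code) pairs that were already accepted

    def verify(self, code, payee, amount_cents, now):
        step = int(now // STEP_SECONDS)
        expected = operation_code(self._secret, payee, amount_cents, now)
        if not hmac.compare_digest(expected.encode(), str(code).encode()):
            return False  # wrong code, altered order, or expired time step
        if (step, expected) in self._used:
            return False  # replay of a code that was already spent
        self._used.add((step, expected))
        return True


def demo():
    secret = b"constructed-demo-secret"  # constructed sample key
    order = ("HU00-SAMPLE-PAYEE", 12500)  # constructed sample payment
    bank = CodeVerifier(secret)
    code = operation_code(secret, *order, now=1_000_000)
    return {
        "approved": bank.verify(code, *order, now=1_000_010),
        "replayed": bank.verify(code, *order, now=1_000_015),
        "altered": bank.verify(code, order[0], 990000, now=1_000_010),
        "expired": bank.verify(code, *order, now=1_000_090),
    }
```

Calling `demo()` shows the code being accepted once for the original order and rejected when it is reused, when the amount is changed, and after the time step has passed.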

Last edited: March 15, 2023
