Strong Customer Authentication (SCA) What you need to know

  • All posts
    All posts|Currency Updates
    All posts|Currency Updates|International Trade
    All posts|In The News
    All posts|International Trade
    Charities & NGOs
    Currency Updates
    Currency Updates|In The News
    In The News
    In The News|Press
    International Trade
  • Latest

13 September 2019


What is Strong Customer Authentication (SCA)?
Strong customer authentication (SCA) is a requirement of PSD2 on payment service providers within the European Economic Area.

he requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments.

What does this mean for you?

We have made changes to Ebury Online (EBO), so that two-factor authentication (2FA) becomes mandatory when logging in, and creating a payment.

Changes to logging into Ebury Online

When logging into Ebury Online, you will have the option to set your authentication method via an SMS to your phone number or an Authentication App (e.g. Google Authenticator, Authy). You will be forced to activate 2FA using one of these methods before you can access your account.

When logging into Ebury Online, you will need to enter the 2FA code that you receive via SMS or Authentication App. After successfully logging into Ebury Online with 2FA, you have the option of not requiring a 2FA code for 30 days.,

Changes to your payments in Ebury Online

When creating a payment in Ebury Online, you will be prompted to set up 2FA for Payments. If you already have SMS activated as your Authentication Method for logging into Ebury Online, you do not need to go through the 2FA setup process for payments. Ebury will use your mobile number that is already setup for 2FA on login.

When instructing a payment, you will receive a 2FA code via SMS which will contain masked details of your payment. This code is a one-time password specific to the payment you’re creating. This significantly improves security, as it makes it difficult for fraudsters to replicate a valid 2FA code.