Encap SCA: PSD2 compliant since version 3.8
Ever since we started out back in 2006, at Encap we have focused on regulated markets, referring to our authentication solution as banking-grade – and we all know that the financial market is one of the most challenging regulated markets at the moment. Following the introduction of PSD2 at the beginning of 2018, Encap SCA version 3.8 was the first release compliant with the PSD2 RTS regulation. This version showed Encap’s power to innovate. And from that day forward, innovation in Strong Customer Authentication has been at the core of our solution.
The world has continued to change since the introduction of PSD2, and Encap SCA has evolved with new features to meet market needs. For this reason, we found it necessary to reaffirm the PSD2 compliance report, to verify that our new offline authentication feature and improved dynamic linking comply with the regulation. And we are proud to announce that Encap SCA continues to be fully compliant with PSD2.
Firstly, we have strengthened the dynamic linking. We now create the cryptographic binding of the context (for money transfers, this is the payment details) to the transaction after the user has seen and approved it. Encap SCA has always had robust protection against man-in-the-middle attacks. With this improvement, we have raised the bar even higher.
Secondly, we have introduced PSD2 Offline Authentication. This enables users to authenticate using SCA even when their device is not connected to the Internet.
New possibilities with PSD2 Offline Authentication
A typical use case for this feature is when a user wants to perform a payment transaction, but there is no Internet connection on their mobile device for out-of-band authentication. In such a situation, the user switches to their Internet banking site, but the regular mobile banking app authentication will fail, and the user cannot log in to the site and perform the transaction.
Encap’s PSD2 Offline Authentication is designed to overcome this issue. While the standard PSD2-compliant authentication depends on an Internet connection to present dynamic data and exchange authentication data with the backend, Encap’s newest feature offers an entirely offline, PSD2-compliant, strong customer authentication procedure.
It is very easy to use. On the bank’s website, the user selects the offline authentication method. The bank pushes a QR code that contains the dynamic linking data the bank receives from Encap. The user scans the QR code with the mobile banking app, which is offline. The user gets the dynamic linking data presented in a message, and will be asked to approve it using their biometrics or PIN in the mobile banking app. Encap SCA will generate a one-time passcode (OTP) that the user enters on the website. Behind the scenes, the Encap Server will verify the code, and the user is granted access to their Internet banking.
Once logged in to the bank, the user can perform the payment transaction, authorising it using a new PSD2 Offline Authentication.
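The offline flow above, applied to a payment, as an added sketch that is not Encap's code or algorithm (the page does not describe Encap's cryptography). It assumes a per-device key shared with the server at enrolment and an HMAC-SHA256 OTP with HOTP-style truncation; all function and field names are hypothetical. It shows why a QR code altered to show a different payee yields an OTP the server rejects.

```python
import hashlib
import hmac
import json
import secrets

def canonical(txn):
    # Length-prefix each field so ("12", "3") and ("1", "23") never collide.
    parts = [str(txn[k]).encode() for k in ("amount", "currency", "payee", "nonce")]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def linked_otp(device_key, txn, digits=8):
    # HOTP-style dynamic truncation over an HMAC of the transaction details.
    mac = hmac.new(device_key, canonical(txn), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)

def make_qr_payload(txn):
    # Server side: the text the bank's website would render as a QR code.
    return json.dumps(txn, sort_keys=True)

def app_approve(device_key, qr_payload):
    # Offline app: display exactly what will be bound, then derive the OTP from it.
    txn = json.loads(qr_payload)
    shown = f"Pay {txn['amount']} {txn['currency']} to {txn['payee']}?"
    return shown, linked_otp(device_key, txn)

def server_verify(device_key, stored_txn, otp):
    # Server recomputes over its own record of the transaction, not the QR text.
    return hmac.compare_digest(linked_otp(device_key, stored_txn), otp)

def demo():
    key = secrets.token_bytes(32)  # constructed device key (assumed enrolled earlier)
    txn = {"amount": "250.00", "currency": "EUR", "payee": "NO9386011117947",
           "nonce": secrets.token_hex(8)}  # constructed sample payment
    shown, otp = app_approve(key, make_qr_payload(txn))
    # Constructed tampering case: the QR the user scans names a different payee.
    altered = dict(txn, payee="GB00EXAMPLE0000000")
    _, altered_otp = app_approve(key, make_qr_payload(altered))
    return {"shown": shown, "genuine_ok": server_verify(key, txn, otp),
            "altered_ok": server_verify(key, txn, altered_otp)}

if __name__ == "__main__":
    print(demo())
```

A production verifier would also expire the nonce, reject reuse of an accepted OTP, and rate-limit failed attempts.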
Encap SCA takes PSD2 transaction authentication to the next level. By making user-friendliness and security central to our innovations, we are continuing to evolve Encap SCA to meet market needs. The trusted, banking-grade Encap SCA solution is the perfect companion for your digital journey.