Strong Customer Authentication & 2FA

Strong Customer Authentication (SCA) is a European regulatory requirement as part of the second Payment Services Directive (PSD2) for authenticating online payments and making them more secure.

There are some actions such as funding a transfer from your multi-currency account or retrieving a statement that require SCA in the UK and EEA. SCA builds additional authentication by asking two of the following three elements: something the customer knows, something the customer has and something the customer is.

When you make a request to an SCA protected endpoint, your request will always error with status 403 (Forbidden). The first step is to identify the kind of payment flow you are building so you can select an appropriate integration path:

If in doubt, please contact our support team to advise on the most appropriate solution for your use case.