Strong Customer Authentication (also known as SCA) fulfills a set of regulatory requirements, designed to reduce fraud, making online payments more secure while establishing trust with consumers. SCA adds an extra layer of security by using a third party like a bank to verify the end-customer prior or during an online payment. Riverty currently offers this functionality in Sweden, Norway, Denmark, Finland, Germany, Austria, Switzerland and the Netherlands.
Country | Sweden | Norway | Finland | Denmark | Netherlands | Germany and Austria |
---|---|---|---|---|---|---|
Name of eID method | BankID (SE) | BankID (NO) | FTN (Finnish Trust Network) | MitID (replaces NemID) | iDIN | One Time Password (SMS/Email) |
Required field(s) | Identification number | Identification number | Identification number | Identification number | Date of birth, first name, last name | Phone Number, Email Address |
Country specific restrictions | Only for customers using the following banks: ABN AMRO, ASN Bank, Bunq, ING, Rabobank, RegioBank, SNS. More info: https://www.idin.nl/en/can-i-use-idin/ | |||||
To trigger on test environment | First item description has to be SCAHigh | First item description has to be SCAHigh | First item description has to be SCAHigh | First item description has to be SCAHigh | First item description has to be SCAHigh The last name has to be Vries and date of birth has to be 1975-07-25 |
First item description has to be: For SMS: OTP_REQUIRED_SMS For Email: OTP_REQUIRED_EMAIL For both SMS or Email: OTP_REQUIRED_SMS_OR_EMAIL For Date of Birth: OTP_REQUIRED_DoB For SMS and Date of Birth: OTP_REQUIRED_SMS_AND_DoB For Email and Date of Birth: OTP_REQUIRED_EMAIL_AND_DoB |
The SCA implementation uses a redirect flow which requires the end-customer to be redirected to the secure login URL that was provided by Riverty API during the Authorize Payment or Verify request. The end-customer will be presented with a page with further instructions. After the verification process is completed the end-customer is redirected back to merchant’s web page.
Riverty will decide for which orders and customers SCA will be triggered. This decision is based on a number of parameters, such as order amount, shipping address and other fraud and risk related variables.
When initiating the SCA process within a mobile app, it is crucial to open the Secure Login URL in the native or system browser. If the SCA flow is opened via a WebView integration, particularly on iOS devices, users may encounter difficulties when attempting to return to the merchant URL to complete the process.
Do you find this page helpful?