Skip to main content

Authenticating and authorising payments under PSD2

With new standards part of EU’s second Payment Services Directive (PSD2) becoming effective as of 14 September 2019, comes tighter regulations surrounding the authentication of payment transactions online. A key element of PSD2 is the introduction of additional security authentications known as Strong Customer Authentication (SCA). Strong Customer Authentication (SCA) looks to enhance consumer rights and reduce online fraud by providing a high level of security that is standardised across industries.

What is Strong Customer Authentication?

It is likely you have come across Two Factor Authentication (2FA) as a consumer – a common method for digitally proving your identity using something you know (a password) and something you have (often your mobile phone). SCA leverages a similar process to authenticate at the point of payment by asking the user to claim their identity through two out of a possible three validation categories. These are:

  • Something you know (password, PIN)
  • Something you have (phone)
  • Something you are (biometrics – fingerprint, facial recognition etc.)

What does this mean for you?

For business account customers, our Firework mobile app will be used to login to Firework Online and to authenticate certain actions, such as adding a new payee, user or API token. This is designed to make accessing your account and making payments safer and more secure.

If you have not yet downloaded the Firework mobile app, you can do so via the App Store or Google Play Store. For more information regarding SCA, please visit and should you have any questions please get in touch with us on