BSI launches SCA code of practice

The British Standards Institution (BSI) has published a publicly available code of practice for digital identification and Strong Customer Authentication (SCA).

The new specification - PAS 499:2019 - is for organisations with regulatory requirements under the second Payment Services Directive (PSD2) and related regulations.

It focuses on management principles and takes a regulatory view of identification and strong customer authentication, including: identity validation; identity verification; enrolment; authentication; delegated authorisation; risk models; security and usability.

It also applies to management processes for creating, accessing or managing accounts digitally; users making a payment via a mobile device or other computer; users making a contactless payment using an electronic device; a retailer receiving such payments; third-party roles; delegated authority; and a bank or payment service provider administering such transactions.

It does not cover contactless payments made using plastic cards; transactions in the context of the internet of things; digital currencies; specifics of payment devices or payment terminals.

Tim McGarr, digital sector lead at the BSI, said: “At a time when cyber crime and fraud are on the rise, it is critical that organizations have robust digital identity and user authentication processes in place to minimize the risks of their online transactions.

“PAS 499:2019 provides the recommendations needed to optimise and implement a system that supports legal and regulatory requirements.”

The new code was developed by a steering committee and underwent a peer and public review, as is normal practice in such a consensus document.

    Share Story:

Recent Stories


The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.