Subscribe to our e-newsletter
Follow us on Twitter
Privacy and cookies
Established 1995
Monday 27 January 2020


BSI launches SCA code of practice

Written by Peter Walker

The British Standards Institution (BSI) has published a publicly available code of practice for digital identification and Strong Customer Authentication (SCA).

The new specification - PAS 499:2019 - is for organisations with regulatory requirements under the second Payment Services Directive (PSD2) and related regulations.

It focuses on management principles and takes a regulatory view of identification and strong customer authentication, including: identity validation; identity verification; enrolment; authentication; delegated authorisation; risk models; security and usability.

It also applies to management processes for creating, accessing or managing accounts digitally; users making a payment via a mobile device or other computer; users making a contactless payment using an electronic device; a retailer receiving such payments; third-party roles; delegated authority; and a bank or payment service provider administering such transactions.

It does not cover contactless payments made using plastic cards; transactions in the context of the internet of things; digital currencies; specifics of payment devices or payment terminals.

Tim McGarr, digital sector lead at the BSI, said: “At a time when cyber crime and fraud are on the rise, it is critical that organizations have robust digital identity and user authentication processes in place to minimize the risks of their online transactions.

“PAS 499:2019 provides the recommendations needed to optimise and implement a system that supports legal and regulatory requirements.”

The new code was developed by a steering committee and underwent a peer and public review, as is normal practice in such a consensus document.

FStech editor Peter Walker sits down with Rackspace solutions director Rhys Sharp to discuss cloud adoption challenges - skills shortages, cultural barriers, legacy systems - and the solutions that the company offers, as well as trends within cloud migration and regulatory attitudes towards the industry.



Most read stories...



Payments Awards 2019