Dos and don’ts for a successful PSD2 SCA implementation

Sander Voorwinden|22 March 2018
Dos and don’ts for a successful PSD2 SCA implementation

Although the European Banking Authority’s Revised Payment Services Directive (PSD2) already applies as of 13 January 2018, organizations still have until April of next year to become compliant with the regulatory technical standards for strong customer authentication (SCA). It’s not too late to make the most of the opportunity that PSD2 offers, especially if you start planning immediately.

Every organization has its own unique IT environment, but there are a few guiding principles that apply across the board. Follow these rules to ensure a successful SCA implementation.


  1. Define a clear project scope.

Before you begin your SCA implementation, you need to define its scope – not only in terms of deliverables, but also the process itself (e.g. a PRINCE2 or Agile approach). The more detail you can define early on, the smoother your implementation will run.

  1. Clarify the requirements for your organization.

All key stakeholders need to be aware of the SCA requirements your organization needs to meet. Narrowly defining these requirements will also make it easier to select a technology vendor.

  1. Find the right implementation partner.

The right partner’s technology should enable you to meet all your immediate requirements, including state-of-the-art SCA, but should also future-proof your organization against regulatory roadblocks further along the line.


  1. Don’t neglect the fine print.

The devil is in the detail, and from my experience no two authentication implementations are the same. Various factors need to be taken into account, such as your organization’s specific internal processes and your region’s local regulation guidelines.

  1. Don’t waste time.

Given the current PSD2 timeline, a custom-made solution is no longer an option. However, your technology partner may be able to offer you an off-the-shelf SCA compliance product that is quick to integrate but doesn’t skimp on performance.

Time is running out for compliance with PSD2, but with the right implementation partner, you can meet its deadline and all your regulatory requirements.

About the author

Sander Voorwinden

Sander Voorwinden

Project Manager: Europe

Sander is a no-nonsense Agile project manager with a pragmatic approach, and a calm and steady hand in stressful situations. By adapting quickly to challenging situations, his humor and perspective help motivate his team at Entersekt and bring projects to their succesfull conclusion.

Subscribe to our newsletter for our latest news, press releases and events

logo entersekt

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.