Just in time: PSD2 SCA implementation

Sander Voorwinden|14 March 2019
Just in time: PSD2 SCA implementation

The go-live date for the revised Payment Services Directive (PSD2) strong customer authentication (SCA) requirement is 14 September. Put another way, we’re at five minutes to the stroke of midnight for SCA implementation. It’s not too late, though, which is why I titled this blog post “Just in time”.

Many financial institutions have already implemented the PSD2 SCA requirements, but there are still a number that need to take the final steps to meet the September deadline. Although every implementation is one-of-a-kind and every organization a distinct entity with a unique IT environment, there are some common points that any business should consider if it is to implement a PSD2-complaint SCA solution in what is now a very short time frame.

1. Define a clear project scope

Before you even think about starting a project, you need to define its scope. The more detail you can set down now, the smoother the implementation will be. In addition to listing the deliverables, describe the implementation process itself. How do you want to manage the project, for example? Will you use PRINCE2 or take an agile approach?

2. Determine your organization’s SCA requirements

Gather from key stakeholders all SCA requirements for your organization. Getting to grips with these – very clearly understanding and defining them – will help you select the right vendor and solution for your needs. You will also be able to include this information in the vendor proposal, providing clarity over your requirements at the start, and ensuring they are all met in the end. A project like this involves more than finding the best solution from a technical perspective or something “good enough for now” from a regulatory one. Important considerations could include your existing systems, other planned investments, anticipated changes in business strategy and product positioning, the user base, and budget, of course.

3. Choose the right implementation partner

With the PSD2 deadline so close, it would be prudent to select a technology partner with an off-the-shelf solution meeting all your requirements – and, crucially, those of the regulator. Our Transakt product, for example, offers a PSD2-compliant SCA solution already widely used across Europe and judged “state-of-the-art” by independent consultancies like Bonn-based SRC Security Research & Consulting.

4. Keep calm but act now

Although the clock is ticking ever more loudly towards the PSD2 deadline, it is important that you don’t make any overly hasty decisions. Don’t panic. Rush now and it may very well backfire on you later. An experienced vendor will aid you in making the most of the remaining time, as will a proven product with a short time to market. Entersekt’s end-to-end SCA solution generally takes between two and four months to final go-live.

Bottom line

Time is short. Find the right partner with an off-the-shelf-product to successfully implement your PSD2 SCA solution in time. Be thorough in your preparation, and you can’t go wrong!

About the author

Sander Voorwinden

Sander Voorwinden

Project Manager

Subscribe to our newsletter for our latest news, press releases and events

logo entersekt

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.