Platform
Platform
Drop-In Authentication
Passkeys
Phishing-resistant, FIDO2/WebAuthn
Biometric authentication
Face and device-native biometrics
WhatsApp OTP
Global reach, lower cost than SMS
Email OTP
Universal second factor
App push authentication
Native device push notifications
Palm biometrics
Contactless identity verification
All authentication methods
KEY FEATURES
No-code rules engine
Step-up auth, risk policies, alerts
User observability
Audit trails, dynamic linking
Risk-based authentication
Adaptive MFA by context
Session management
Persistent sessions across channels
Digital credentials API
Verify sovereign digital IDs
Pre-built UI
Fastest deployment path
Passkeys
Deploy phishing-resistant passkeys across web and mobile in days
Solutions
Solutions
USE CASE
Account Takeover Prevention
Stop ATO without adding friction
Go Passwordless
Replace passwords with passkeys
Account Recovery
Secure self-service recovery flows
Call Centre Authentication
Verify callers without KBA
SMS Cost Optimisation
Cut OTP costs up to 90%
Existing Apps (Drop-In)
Add auth without re-architecting
Palm biometric payments
Contactless in-store payments
INDUSTRY
Financial Services & Banking
Secure high-value transactions
Healthcare
Authentication for ePHI access
Loyalty Programs
Protect points and member accounts
ROLE
Engineering
Fast integration, flexible SDKs
Product
No-code flows, conversion insights
Cybersecurity
Risk policies, compliance, audit trails
PricingCustomers
Resources
Resources
LEARN
Blog
Guides
Regulatory
Templates
Docs
COMPANY
About Us
Why Authsignal
Partners
Careers
Security
Contact
INTEGRATIONS
Amazon Cognito
Auth0
Azure AD B2C
Custom identity provider
Duende IdentityServer
All integrations
Docs
Start a trial
Book a callLogin
AUS Flag

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

AUS Flag

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Right icon
Blog
/
Current article
Passkeys
PSD2 SCA
Implementation
Compliance
Guides

How to meet PSD2 Strong Customer Authentication (SCA) dynamic linking requirements with Authsignal.

Hamish Meikle
⬤
May 14, 2025
Share
How to meet PSD2 Strong Customer Authentication (SCA) requirements using passkeys with Authsignal

What is PSD2? What are the PSD2 revisions?

The second Payment Services Directive (PSD2), adopted in 2015, sets rules for retail payments in the EU, both euro and non-euro, domestic and cross-border. PSD2 builds on the first Payment Services Directive (PSD1) from 2007, which created a harmonized legal framework for an integrated EU payments market.

In 2022, the European Commission evaluated PSD2, focusing on charges, scope, thresholds, and access to payment systems. One of its critical components is the Strong Customer Authentication (SCA) requirement, designed to increase the security of electronic payments and reduce fraud.

How to comply with PSD2's Strong Customer Authentication (SCA)?

This step-by-step guide is designed to show how merchants and payment service providers can implement authentication challenges in order to comply with PSD2's Strong Customer Authentication (SCA) dynamic linking requirements while also ensuring a seamless customer experience by using passkeys with Authsignal.

Key Points of Strong Customer Authentication (SCA):

  1. Purpose:
    • To enhance security for online payments and transactions.
    • To reduce fraud and increase consumer trust in electronic payments.
  2. Requirements:
    • SCA mandates the use of two or more independent elements from the following categories:
      • Knowledge: Something the user knows (e.g., password, PIN).
      • Possession: Something the user has (e.g., mobile phone, hardware token).
      • Inherence: Something the user is (e.g., fingerprint, facial recognition).
  3. Applicability:
    • Applies to electronic payments within the European Economic Area (EEA).
    • Covers online transactions, bank transfers, and access to payment accounts.
  4. Exemptions:
    • Low-value transactions (under €30).
    • Recurring transactions (after the first SCA-protected payment).
    • Transactions with trusted beneficiaries (after initial SCA).
    • Low-risk transactions based on real-time fraud analysis.
  5. Implementation:
    • Financial institutions and payment service providers must comply with SCA requirements.
    • Retailers must ensure their payment processes support SCA, impacting user experience.
  6. Impact:
    • Enhances security and trust in digital payment systems.
    • Introduces challenges for merchants and payment service providers in ensuring compliance while maintaining a smooth customer experience.
    • Encourages the adoption of advanced authentication technologies.

SCA is a critical element of PSD2, which aims to secure electronic payments, safeguard consumers against fraud, and foster innovation in the financial sector.

In this blog, we'll demonstrate how Authsignal can help you meet the SCA requirement, including the critical aspect of dynamic linking, using passkeys, and contextual messaging.

Creating an action for a user payment.

Let’s create an action configuration for our payment action and head to the Rules section.

Payments that are under €30 are exempt from the PSD2 Strong Customer Authentication requirement. Therefore we can create a rule to require authentication when the payment amount exceeds €30.

Implementing dynamic linking with contextual messaging

Dynamic linking is a crucial component of the Strong Customer Authentication (SCA) requirements under the Revised Payment Services Directive (PSD2). It ensures that electronic payment transactions are securely linked to specific transaction details, enhancing the security of the transaction process.

Authsignal’s contextual messaging feature takes care of the following aspects:

  • Dynamic linking requires that the authentication process is uniquely tied to the amount of the transaction and the payee.
  • Payment service providers must ensure that users can clearly see and verify transaction details during the authentication process.

When a user has been required to strongly authenticate before making their payment, we can utilize contextual messaging to show the user the transaction details.

In the contextual messaging section for your payment action configuration, you can create and preview a message that your users will see when authenticating.

We used a custom data point called, paymentAmount , in our Require SCA rule. Any custom data points we use in our action’s rules are available to be inserted into our contextual message.

Integrating the payment action into your application

Now that we have our payment action configured to meet the SCA requirement let’s add it to our e-commerce application.

Visit the Integration tab to get a snippet that you can add to your code, e.g.

const { url } = await authsignal.track({
  userId: user.id,
  action: "payment",
  redirectUrl: "<https://yourapp.com/callback>",
  custom: {
    paymentAmount: payment.amount,
  },
});

Then follow our Using the pre-built UI guide to finish off your integration.

Demo of Strong Customer Authentication (SCA) using passkeys with Authsignal

With our integration complete, we can see that the user is being required to strongly authenticate with a passkey. The transaction details are also presented to the user: “Authenticate before proceeding with your payment of $262”.

By leveraging Authsignal, businesses can efficiently meet PSD2's Strong Customer Authentication (SCA) requirements, including dynamic linking, to ensure secure and compliant transactions. Authsignal's advanced authentication solutions, such as passkeys, enhance security, reduce fraud, and provide a smooth user experience, making it an essential tool for navigating the complexities of modern digital payments.

Create a free account and start integrating passkeys with Authsignal.

Question icon
Have a question?
Talk to an expert
NewsletterDemo PasskeysView docs
Passkeys
PSD2 SCA
Implementation
Compliance
Guides

You might also like

The passkey UX patterns that drive adoption in 2026
Passkeys
Passkeys implementation

The passkey UX patterns that drive adoption in 2026

July 2, 2026
What is silent network authentication, and how does it work?
Silent Network Authentication
SNA

What is silent network authentication, and how does it work?

June 26, 2026
HIPAA MFA requirements and what to do before the final rule lands
Passkeys
Step up authentication
Adaptive MFA
SMS Alternative

HIPAA MFA requirements and what to do before the final rule lands

July 4, 2026

Secure your customers’ accounts today with Authsignal

Passkey demoCreate free account
Authsignal Purple Logo

Authsignal is a drop-in authentication and orchestration layer for consumer-facing businesses. Passkeys, adaptive MFA, and omnichannel verification on top of your existing identity stack. Deployed in weeks, not quarters.

AICPA SOCFido Certified
LinkedInTwitter
Platform
Drop-In Authentication
PasskeysBiometric authenticationWhatsApp OTPEmail OTPApp push authenticationPalm biometricsSMS OTPEmail OTPMagic LinksAuthenticator apps (TOTP)
View all auth methods
KEY FEATURES
No-code rules engineUser observabilityRisk-based authenticationSession managementDigital credentials APIPre-built UI
All authentication methods
Pricing
Customers
Solutions
USE CASE
Account takeovers (ATO)
Go passwordless
Call center
SMS cost optimization
Existing apps
Palm biometric payments
View all use cases
industry
Financial services
Healthcare
Marketplace
View all use cases
ROLE
Engineering
ProductCybersecurityDocs
Compare
Twilio Verify vs AuthsignalAuth0 vs AuthsignalAWS Cognito vs Authsignal + AWS Cognito
Resources
LEARN
BlogGuidesRegulatoryTemplatesDocs
COMPANY
About usWhy AuthsignalPartnersCareersSecurityContact
Integrations
Amazon Cognito
Azure AD B2C
Duende IdentityServer
Keycloak
Auth0
NextAuth.js
Custom identity provider
All integrations
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2026 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies