Cyclos app and PSD2

jar · Post by **jar** » Thu May 23, 2019 6:29 am

Hi,

PSD2 demands that all logins to a payment account must have SCA (Strong Customer Authentication). This means 2 of 3 requisites to make a login.
The requisites are something the user knows (knowledge), or something the user have (possession) or something the user is (inherence).

This means that besides username/password (knowledge), we need to ask for a OTP (possession) or a fingerprint (inherence). Nowadays, cyclos app uses fingerprint as substitute of username/password. This means that uses inherence as substitute of knowledge. Conclusion, it uses only one of the 3 requisites to access a payment account. PSD2 demands that 2 of 3 of these options are fullfilled to allow a connection to a payment account.

So, my post aims to ask Cyclos team to add OTP to app login. This must be made before 14 September 2019. On this day, this feature must be online to all European Customers of Cyclos that must comply with DSP2.