{ "id": "banking/uk-open-banking-psd2-strong-customer-auth", "signature": "AI tells a UK fintech to integrate with a bank's API without implementing Strong Customer Authentication (SCA), assuming PSD2 exemption applies", "signature_zh": "AI告诉英国金融科技公司集成银行API时无需实施强客户认证（SCA），假设PSD2豁免适用", "regex": "SCA|strong.customer.auth|PSD2|multi.factor|access.*denied.*SCA", "domain": "banking", "category": "auth_error", "subcategory": null, "root_cause": "PSD2 mandates Strong Customer Authentication (SCA) for all electronic payments and access to payment accounts unless a specific exemption (e.g., low-value, recurring) applies; UK FCA enforces this strictly.", "root_cause_type": "generic", "root_cause_zh": "PSD2要求所有电子支付和支付账户访问必须实施强客户认证（SCA），除非适用特定豁免（如低价值、定期）；英国FCA严格执行此规定。", "versions": [ { "version": "PSD2 Directive 2015/2366", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "FCA Handbook 2024", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Open Banking Standard 3.1.10", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "Exemptions are per-transaction and cumulative; if total exceeds €30 or 5 transactions, SCA is required. Many UK banks reject non-SCA payments.", "fail_rate": 0.85, "condition": "", "sources": [] }, { "action": "", "why_fails": "SCA requires at least two of three factors: knowledge (password), possession (phone/token), inherence (biometric). Password alone is insufficient.", "fail_rate": 0.95, "condition": "", "sources": [] }, { "action": "", "why_fails": "Recurring payments require SCA every 90 days or when the payment amount changes; skipping it leads to rejection.", "fail_rate": 0.8, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Integrate with the bank's SCA flow: redirect the user to the bank's authentication page (e.g., via Open Banking redirect URL) and capture the authorization code after SCA is completed.", "success_rate": 0.95, "how": "Integrate with the bank's SCA flow: redirect the user to the bank's authentication page (e.g., via Open Banking redirect URL) and capture the authorization code after SCA is completed.", "condition": "", "sources": [] }, { "action": "Use a third-party SCA provider (e.g., Stripe, Adyen) that handles SCA compliance via 3D Secure 2.0 for card payments.", "success_rate": 0.9, "how": "Use a third-party SCA provider (e.g., Stripe, Adyen) that handles SCA compliance via 3D Secure 2.0 for card payments.", "condition": "", "sources": [] }, { "action": "For recurring payments, implement a 'first payment with SCA, subsequent payments with token' model using the bank's consent API.", "success_rate": 0.85, "how": "For recurring payments, implement a 'first payment with SCA, subsequent payments with token' model using the bank's consent API.", "condition": "", "sources": [] } ], "workarounds_zh": [ "Integrate with the bank's SCA flow: redirect the user to the bank's authentication page (e.g., via Open Banking redirect URL) and capture the authorization code after SCA is completed.", "Use a third-party SCA provider (e.g., Stripe, Adyen) that handles SCA compliance via 3D Secure 2.0 for card payments.", "For recurring payments, implement a 'first payment with SCA, subsequent payments with token' model using the bank's consent API." ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://www.fca.org.uk/firms/strong-customer-authentication", "official_doc_section": null, "error_code": "SCA_REQUIRED: Access denied without multi-factor authentication", "verification_tier": "ai_generated", "confidence": 0.89, "fix_success_rate": 0.9, "resolvable": "true", "first_seen": "2024-05-12", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }