# AI tells a UK fintech that strong customer authentication (SCA) is not needed when integrating a bank API, assuming a PSD2 exemption applies

- **ID:** `banking/uk-open-banking-psd2-strong-customer-auth`
- **Domain:** banking
- **Category:** auth_error
- **Error code:** `SCA_REQUIRED: Access denied without multi-factor authentication`
- **Verification level:** ai_generated
- **Fix rate:** 90%

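## Root cause

PSD2 requires strong customer authentication (SCA) for all electronic payments and payment account access unless a specific exemption applies (such as low-value or recurring payments); the UK FCA strictly enforces this requirement.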

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| PSD2 Directive 2015/2366 | active | — | — |
| FCA Handbook 2024 | active | — | — |
| Open Banking Standard 3.1.10 | active | — | — |

## Solutions

1. Integrate with the bank's SCA flow: redirect the user to the bank's authentication page (e.g., via Open Banking redirect URL) and capture the authorization code after SCA is completed.
2. Use a third-party SCA provider (e.g., Stripe, Adyen) that handles SCA compliance via 3D Secure 2.0 for card payments.
3. For recurring payments, implement a 'first payment with SCA, subsequent payments with token' model using the bank's consent API.

## Ineffective attempts

- Exemptions are per-transaction and cumulative; if total exceeds €30 or 5 transactions, SCA is required. Many UK banks reject non-SCA payments. (85% failure rate)
- SCA requires at least two of three factors: knowledge (password), possession (phone/token), inherence (biometric). Password alone is insufficient. (95% failure rate)
- Recurring payments require SCA every 90 days or when the payment amount changes; skipping it leads to rejection. (80% failure rate)
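
The rules in the list above can be checked before a payment is submitted, so the integration routes the user into the bank's SCA flow instead of receiving `SCA_REQUIRED`. The following is an added example, not part of the original entry: `ExemptionState`, `sca_required` and `record` are hypothetical names, and the thresholds are the ones this entry states.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

# Thresholds exactly as stated in this entry; keep them configurable.
LOW_VALUE_TOTAL_EUR = Decimal("30")    # cumulative total since last SCA
LOW_VALUE_MAX_COUNT = 5                # exempt transactions since last SCA
RECURRING_REAUTH = timedelta(days=90)  # SCA refresh for recurring payments
FACTOR_CATEGORIES = {"knowledge", "possession", "inherence"}

@dataclass
class ExemptionState:
    """Hypothetical per-customer counters, reset whenever SCA completes."""
    last_sca: datetime
    total_since_sca: Decimal = Decimal("0")
    count_since_sca: int = 0
    consented_amount: Decimal | None = None  # set by the SCA'd first recurring payment

def is_valid_sca(factors: set[str]) -> bool:
    """True only when at least two distinct factor categories are present."""
    return len(set(factors) & FACTOR_CATEGORIES) >= 2

def sca_required(state: ExemptionState, amount: Decimal, now: datetime,
                 recurring: bool = False) -> tuple[bool, str]:
    """Return (required, reason) for the next payment."""
    if recurring:
        if state.consented_amount is None:
            return True, "first recurring payment"
        if amount != state.consented_amount:
            return True, "recurring amount changed"
        if now - state.last_sca >= RECURRING_REAUTH:
            return True, "90 days since last SCA"
        return False, "recurring token"
    if state.total_since_sca + amount > LOW_VALUE_TOTAL_EUR:
        return True, "cumulative total exceeded"
    if state.count_since_sca + 1 > LOW_VALUE_MAX_COUNT:
        return True, "transaction count exceeded"
    return False, "low-value exemption"

def record(state: ExemptionState, amount: Decimal, now: datetime,
           sca_done: bool, recurring: bool = False) -> None:
    """Update counters after the bank accepts a payment."""
    if sca_done:
        state.last_sca, state.total_since_sca, state.count_since_sca = now, Decimal("0"), 0
        if recurring:
            state.consented_amount = amount
    else:
        state.total_since_sca += amount
        state.count_since_sca += 1
```

The bank remains the authority: a `(False, ...)` result only means the client expects an exemption, and a rejection still has to fall back to the SCA redirect.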
