PSD2 SCA & Dynamic Linking
Designed for banks and fintechs, Keyless ensures PSD2 SCA compliance with two-factor authentication and in-built dynamic linking.
PSD2 SCA & Dynamic Linking
Designed for banks and fintechs, Keyless ensures PSD2 SCA compliance with two-factor authentication and in-built dynamic linking.
What is PSD2 SCA?
PSD2 Strong Customer Authentication (SCA) is a regulation that applies to all banks and payment providers in the EU. It requires that customers are authenticated using at least two independent factors from the following categories:
- Something the user knows (like a PIN or password)
- Something the user has (like a phone or hardware token)
- Something the user is (like a fingerprint or facial recognition)
On top of this, PSD2 also requires dynamic linking. This means that when a customer approves a transaction, it must be tied to both the exact amount and the recipient’s account details.
Example
If a customer approves a €500 payment to account A, but a remote attacker tries to change the amount to €5,000 or switch the recipient to account B, the transaction must fail. Dynamic linking ensures that any change to the amount or recipient breaks the approval and requires a new, verified confirmation.
This approach helps prevent fraud - even if a login or device is compromised - by making sure each transaction is explicitly authorised by the right person.
What’s Changing with PSD3?
PSD3 is expected to come into effect in 2026, introducing stricter rules around fraud liability and consumer protection. One of the key changes is that banks and payment providers will face greater responsibility if unauthorised transactions occur.
This makes it even more important to prove that the right person approved each action. By combining biometric authentication with dynamic linking, organisations can reduce fraud risk and demonstrate compliance - helping to meet the higher standards set out under PSD3.
Benefits of Dynamic Linking for Banking Compliance
For banks, meeting PSD2 Strong Customer Authentication requirements means proving two things: who the user is, and what they’re approving.
Dynamic linking ties each transaction to its exact amount and recipient. When combined with biometric authentication, it confirms both the user's identity and intent in real time.
This stops fraud even if a device or credential is compromised - and keeps the approval experience simple and compliant.
Two factor authentication, one user action
Keyless is multi-factor by design, verifying a user's face and their device with a glance, fulfilling the mandate's MFA requirements.
Dynamic linking for payment authorization
Every transaction is tied to a unique code that includes the amount and recipient - meeting PSD2’s dynamic linking requirement without extra user effort.
Case study: International Bank
An international bank based in the EU was looking for a PSD2 SCA-compliant authentication solution that offered dynamic linking without increasing user friction.
Keyless was chosen due to its unique ability to independently authenticate possession and inherence without centrally storing biometric data.
Why Choose Keyless for
PSD2 SCA and Dynamic Linking
Combine inherence and possession with passwordless biometrics, ensuring strong authentication with a single selfie.
Securely link transaction details to unique one-time codes, meeting PSD2 requirements without user friction.
Authenticate transactions seamlessly via our Mobile SDK, offering compliance and superior usability.
Adopted by EU banks for PSD2 SCA compliance, ensuring security without storing biometric data.
Authenticating payments
Listen to our Co-Founder and COO Fabian Eberle explain what Strong Customer Authentication is.
The Keyless Advantage
Request your custom demo video
Select your use case and one of our technical experts will personally record a short demo video - sent straight to your inbox.
Related Resources
Passwordless is Just the Beginning.
The Future is Keyless.
Consumer Solutions
Workforce Solutions
PSD2/SCA Compliant
GDPR Compliant
CCPA Compliant
FIDO2 Certified
FIDO Biometrics Certified
ISO 27001 Certified
ISO 9001 Certified
ISO/IEC 30107-3 Certified
NIST Accredited
eIDAS Module Certified