SCA requirements FAQ

Strong Customer Authentication (SCA) — a requirement aimed at increasing the security of payments —  came into force on 14 March 2020 under the PSD2. All European payment services must comply with it. According to the requirement, ePayments has implemented the additional level of security. We have added the obligatory two-factor authentication for all important actions in the system.

To use our service, you need a device with the installed ePayments app (you can get it in App Store or Google Play). There you will confirm your login to the account, as well as your financial transactions and other important actions.

⚠ You won’t be able to use the ePayments service without a mobile device with our app.

Frequently Asked Questions:

  1. Is it necessary to use a mobile device? Why?
    Yes, it is, and we require this to comply with the Strong Customer Authentication (SCA) regulatory obligations. This means that enhance your security, we will request a second factor of authentication every time you access your account or perform a transaction. This factor will be generated through the ePayments app, so you need a mobile device to use the service. 
  2. What are the Strong Customer Authentication (SCA) and the second factor of authentication?

    Strong Customer Authentication is a requirement aimed at increasing the security of payments and reducing fraud. All European payment service providers must comply with it. 

    According to SCA, two of the three factors must be requested during the authentication:

    • Data that a customer knows (password or PIN code)
    • Device that a customer owns (for instance, mobile phone)
    • Who a customer actually is (fingerprint or face recognition)

    The second factor (i.e. device availability) is a mandatory step in ePayments. In addition, we will request the first or the third factor, depending on your transaction and the device model.

  3. What directive requires SCA compliance?
    The Strong Customer Authentication (SCA) requirement must be met under the Second Payment Services Directive (PSD2) which is enacted within the EU. It came into force on March 14, 2020. You can find out more on the Financial Conduct Authority’s website.
  4. I live in a non-EU country. Why is PSD2/SCA applicable to me?
    PSD2 applies to all European payment service providers. ePayments operates under UK law and is authorised by the FCA, so we are obliged to provide services to our customers in strict compliance with PSD2 requirements.
  5. What to do if I don’t have a smartphone?
    Unfortunately, in this case you will not be able to use our service. You need to have a mobile device with our app to use ePayments.
  6. I have always used only the ePayments web version. What am I supposed to do now?
    You can still use the web version of the service, but now you will have to confirm your login and transactions via the ePayments app. In order to do this, download the app to your mobile device and make it trusted (see instructions above).
  7. I want to turn off 2FA, how can I do this? According to our security policy, two-factor authentication can’t be disabled. It is a mandatory option that protects your personal data and money.
  8. Can I register several trusted devices if I use several phones?
    No, you can have only one trusted device.
  9. I have a corporate account and make dozens of transactions per day. Do I have to confirm each of them?
    Yes. According to SCA requirements, you must confirm each transaction separately. Mass transfers are considered as one transaction, so you can confirm it once.
  10. Can I use a rooted device and make it trusted?
    No, rooted devices do not meet safety requirements.