Most of us are familiar with the requirements of SCA, but as a reminder, at least two of the following elements are required for an end customer to be authenticated:
From a 3DS2 perspective, many financial organizations will be tempted to leave all of this SCA business to their existing access control server (ACS) provider. Now, they will do a fine job with the information available, but — and this is a key point — they can only utilize the information they can see. SCA will include the new, rich authentication data with online credentials such as IP address, browser accepts header, language, screen details and time zone.
Read the full article at ACI