PSD2 Strong authentication with 3D Secure 2

Updated: 09 April 2024

Financial Conduct Authority UK – Strong Customer Authentication.


Access Control Server (ACS)
A service either hosted or related to the Issuing bank. Responsible for issuing challenge URLs and generating device fingerprints.

Account servicing payment service provider.

Cardinal Centinel
A 3D Secure MPI provider.

Credit card security code.

eCommerce indicator.

European Banking Authority

European Economic Area

EMV payment method

Merchant account
A merchant account is a type of bank account that allows businesses to accept payments by debit or credit cards. When a customer pays for your product or service with a card, the funds are first deposited into a merchant account before being transferred to a business bank account.

MOTO Transactions
Mail Order Telephone Order.

Merchant plug-in

Payment method
PayPal (aka “PayPal Business”), AmazonPay, ApplePay, Credit Card, Debit Card.

Payment Method Nonce
One time reference to a payment method stored in a Vault. Possibly has an expiration time.

Payment Method Token
Tokenised Credit Card data and device fingerprint. References a payment method stored in a Vault. This token can be used to create transactions without the PCI compliance burden that comes with handling unencrypted data.

Strong Customer Authentication. Banks will decline payments that require SCA but have not gone through authentication.

Leave a comment