Establishing Trust Anchors: The Link Between SCA and KYC

Share this post

While SCA is an important topic, SCA by itself is not enough to secure a transaction. In addition to doing SCA correctly, you also have to know exactly who you’re identifying – and that is where “know your customer” (KYC) comes into play. A few notes on that process:

1. When you start the KYC process, it is important that KYC occurs on the same device the process was initiated on, ensuring that the account created is for the correctly identified person.

2. During the KYC itself, it is important to check for artificially generated images and video. “Deepfakes” are a great example of a potential threat, as the technology continues to improve and becomes more easily accessible.

3. After the KYC is done, it is important that the identity established is properly secured for the next time the user needs to be identified.

Ultimately, doing KYC while onboarding a new customer may seem like a semi-normal task. However, it is important to not take this step lightly, as such a procedure becomes critical during re-enrollment. Namely if you’re a bank or eWallet provider, as your customers typically have a monetary balance on their account, which makes exploiting the re-enrollment process a tempting target (see our previous post on re-enrollment and magic links).

Now, what about trust anchors?

In cryptography, the definition of a trust anchor is “an authoritative entity for which trust is assumed and not derived”. The most common way to represent such a trust anchor is with a ‘certificate’. As such, the security of the validation process depends upon the authenticity and integrity of this certificate.

Want to know more about certificates and how they work? Head on over to our website for the full article, where we expand on trust anchors and the future of SCA and KYC.

Article by Okay AS

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?