How Okay Can Help with PSD2 RTS SCA Compliance

Share this post


Okay started its compliance journey back in 2015 with our first security evaluation. As this was before the PSD2 was finalised, the target of the evaluation was to meet the European Central Bank’s “Recommendations for the Security of Internet Payment.” These recommendations were perhaps the first official documents where the term “Strong Customer Authentication” (SCA) was used.

Recently, we did a similar evaluation against the RTS, also known as the “Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under PSD2” (2017), which was also a success. For both evaluations, we followed the same four-step methodology:

  • Build a formal model of the Okay solution
  • Go through the requirements paragraph for paragraph
  • Evaluate whether the requirement was relevant for SCA
  • Verify if the requirement was fulfilled by the model

But why did we do these evaluations? Of course they are required. But you can also use the evaluations to help uncover issues and design challenges, proving to your customers that the security your solution provides meets compliance standards, is well tested, and strong.

Where Can Okay Help?

As a technical provider, Okay’s primary goal is to help with securing authentication and transaction authorisations, including all the technical requirements that follow once that has been done.

We also help you meet your compliance requirements by sharing documentation produced by internationally recognised independent third parties. This allows you to create both declarations of conformity and security reports, demonstrating your regulatory requirement compliance to auditors and supervisory authorities.

Read the full article at

Who is Okay?

Okay is the fully PSD2 compliant Strong Customer Authentication platform that provides transaction and authentication security to apps, shielding the entire authentication process from any threats. We help all issuers, remittance services, and e-wallet providers comply with PSD2’s SCA requirements to deliver multiple authentication methods, including biometrics and strong security mechanisms at the point of transaction. Want to get to know us better? Visit

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?