Our latest insights

Reviewing Access Control Server Integration for SCA

Share this post

When a transaction is initiated on a mobile application, an ACS reviews the details of the transaction. If the ACS is unsure about the accuracy of the initiator’s identity, the ACS challenges the transaction initiator to prove that they are in fact the legitimate owner of the transacting account. If an ACS decides to challenge a user, the Okay SDK receives the transaction data from the secure server and displays a secure screen to the user. The Okay SDK waits for the user’s response and then communicates the response back to the Okay secure server. The Okay secure server then returns the user’s response to the ACS. The ACS will proceed to inform the server processing the transaction about the final status of the transaction. For a full breakdown, click here.

As always, it is incredibly important that the device which displays the transaction information is also protected. Why? Because most devices are vulnerable to a numerous array of attacks and malware infections.

For more detailed and technical guidance on how to use our APIs in your ACS server, check out the blog post on Setting up Two Factor Authentication, and our documentation page that helps you integrate the Okay app with your service.


Read the full article at okaythis.com/blog.


Who is Okay?
Okay is the fully PSD2 compliant Strong Customer Authentication platform that provides transaction and authentication security to apps, shielding the entire authentication process from any threats. We help all issuers, remittance services, and e-wallet providers comply with PSD2’s SCA requirements to deliver multiple authentication methods, including biometrics and strong security mechanisms at the point of transaction. Want to get to know us better? Visit okaythis.com.

More To Explore