The reason re-enrollment is so sensitive is simple: with app-based strong customer authentication (SCA), the user has already been authenticated on the device. This means the ‘possession’ factor can be checked using a device fingerprint from before.
If a customer has a new device, and has an existing device registered to their account, we recommend using SCA to enroll. A typical way to do this would be to use a QR code that the user can scan from one device to another. In the case where there are no existing devices linked to an account, we recommend that the customer go through a full “know your customer” (KYC) procedure in order to re-enroll their new device.
One of the ways we’ve helped our customers strengthen their re-enrollment process is by implementing a mechanism known as a ‘magic link’. A magic link is a link, received through a semi-secure channel, that authorises the customer to use a particular device. Using a link like this can be practical, as the re-enrollment procedure might be stretched out over time.
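As an added illustration (not code from the original article or from the vendor's product), the sketch below shows the enrollment routing described above and one way a magic link token can be bound to a particular device, with an expiry and single-use redemption. The HMAC token format, the function names and the in-memory replay store are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # constructed for the example; keep a real key in a KMS/HSM
_redeemed = set()                      # assumption: in-memory single-use store; persist it in production

def enrollment_path(registered_devices):
    """Route from the text: existing device -> SCA (e.g. QR scan), none -> full KYC."""
    return "sca_from_existing_device" if registered_devices else "full_kyc"

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_link_token(customer_id, device_id, ttl_s, now=None):
    """Mint the token carried in the magic link, bound to one customer and one device."""
    now = time.time() if now is None else now
    claims = {"cust": customer_id, "dev": device_id,
              "exp": int(now) + ttl_s, "nonce": secrets.token_hex(16)}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _enc(payload) + "." + _enc(_tag(payload))

def redeem_link_token(token, presenting_device_id, now=None):
    """Return the customer id if the link is valid for this device, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _dec(payload_b64), _dec(tag_b64)
    except ValueError:                 # malformed token or bad base64
        return None
    if not hmac.compare_digest(tag, _tag(payload)):
        return None                    # forged or altered
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None                    # expired
    if not hmac.compare_digest(claims["dev"].encode(), presenting_device_id.encode()):
        return None                    # opened on a device other than the one authorised
    if claims["nonce"] in _redeemed:
        return None                    # replay of an already used link
    _redeemed.add(claims["nonce"])
    return claims["cust"]
```

Because re-enrollment can stretch over time, `ttl_s` may need to be generous; the device binding and single-use check are what keep a forwarded or intercepted link from enrolling a different device.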
Interested in hearing more about Magic Links? Be sure to read the full article at okaythis.com/blog.