Overview of the Decoupled SCA procedure

◆ Via the Decoupled SCA procedure, an eID/SCA request is transmitted by an Identity Consumer (e.g. a Third Party Provider, TPP) to the central server of the Identity Service Provider (e.g. a bank).

◆ The Identity Service Provider then asks the user to authenticate, typically by sending a push notification to the eID app on the user's smartphone. The user reviews the details of the request (e.g. a payment) within the eID app and can either approve or cancel the request.

◆ The Identity Consumer is able to monitor the status of their request. Once the user has provided their approval, the Identity Consumer may be provided with the option to download a copy of the SCA proof from the Identity Service Provider's server.

◆ However, in the case of payments, the TPP transmits an unauthorised payment request to the bank. Once the payment is authorised, the bank will immediately process the payment. The TPP is able to monitor the status of the payment.

◆ Also in the case of corporate payments, where multi-user approval is often required, the bank will typically coordinate the capture of SCA from multiple users. User entitlements are managed within the bank's platform.
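The request, approval, status-monitoring and proof-download steps from the first three points, modelled in memory as an added example (not code from the original page or from any provider's API). The class and method names, the status strings and the HMAC-based proof format are assumptions made for illustration; the page does not specify them.

```python
import hashlib, hmac, json, secrets

class IdentityServiceProvider:
    """In-memory stand-in for the provider's central server (hypothetical API)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # proof key never leaves the server
        self._requests = {}

    def create_request(self, consumer_id, details):
        # Consumer channel: register the request, return an unguessable handle.
        request_id = secrets.token_urlsafe(16)
        self._requests[request_id] = {
            "consumer": consumer_id, "details": details, "status": "PENDING"}
        return request_id

    def user_decision(self, request_id, approve):
        # eID-app channel: only the user moves a request out of PENDING, once.
        req = self._requests[request_id]
        if req["status"] != "PENDING":
            raise ValueError("request already finalised")
        req["status"] = "APPROVED" if approve else "CANCELLED"

    def status(self, consumer_id, request_id):
        return self._owned(consumer_id, request_id)["status"]

    def download_proof(self, consumer_id, request_id):
        req = self._owned(consumer_id, request_id)
        if req["status"] != "APPROVED":
            raise PermissionError("no SCA proof before user approval")
        # Assumed proof format: the tag covers the details the user reviewed.
        body = json.dumps({"id": request_id, "details": req["details"]}, sort_keys=True)
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    def verify_proof(self, proof):
        good = hmac.new(self._key, proof["body"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(good, proof["tag"])

    def _owned(self, consumer_id, request_id):
        # A consumer may only see requests it created.
        req = self._requests.get(request_id)
        if req is None or req["consumer"] != consumer_id:
            raise PermissionError("unknown request for this consumer")
        return req

def run_flow(approve):
    isp = IdentityServiceProvider()
    details = {"type": "payment", "amount": "25.00", "currency": "EUR"}  # constructed sample
    rid = isp.create_request("tpp-1", details)
    before = isp.status("tpp-1", rid)   # consumer monitors the status
    isp.user_decision(rid, approve)     # user approves or cancels in the eID app
    after = isp.status("tpp-1", rid)
    proof = isp.download_proof("tpp-1", rid) if after == "APPROVED" else None
    return before, after, proof, isp
```

The consumer in this model never handles the user's authentication; it only holds a request handle, and the server refuses to issue a proof for any request that is not in the approved state.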