| Overview of the Embedded SCA procedure | |
|---|---|
| ◆ | Via the Embedded SCA procedure, a direct connection is established between the Identity Consumer (Third Party Provider, TPP) and the user's eID app. |
| ◆ | The TPP passes an eID request to the app. The user then performs SCA on the request using their eID credentials issued by the Identity/Attribute Service Provider(s), for example a bank. |
| ◆ | The SCA proof is returned directly to the TPP by the eID app. No communication is necessary between the TPP and the Identity/Attribute Service Providers' server(s). |
|
|
Features > Embedded SCA
| Benefits of Embedded SCA | |
|---|---|
| ◆ | The major benefit of the Embedded SCA procedure is that SCA can be still performed even when the user's eID app does not have a network connection. This removes unnecessary friction at the Point of Sale (POS), for example. |
| ◆ | Embedded SCA also offers significant benefits to Enterprise Resource Planning (ERP) and Treasury Management packages. Often these packages include a multi-user approvals workflow with complex user entitlements. |
| ◆ | This allows the package to directly integrate with a user's (bank issued) eID app to approve payments whilst retaining control of the workflow and entitlements. Once the package has captured the necessary approvals, the payment(s) are transmitted to the bank with the all the SCA proof attached (i.e. as a Signed Payment Request). |
| Our approach to Embedded SCA | |
|---|---|
| ◆ | A key pre-requisite of Embedded SCA is the establishment of open interoperability standards to enable direct integration (via an internet or proximitiy connection) between the eID app and a TPP. |
| ◆ | In order to support the establishment of these standards, Quali-Sign has participated in the Berlin Group 'Signed Payment Request' working group which has submitted a change request to the NextGenPSD2 API standard. |
| ◆ | The Signed Payment Request standard includes an Advanced Electronic Signature (AdES) profile for SCA. It utilises Diffie-Hellman (ECDH) for end-to-end encryption. It exploits QR codes and Bluetooth Low Energy (BLE) for proximity communication. |