Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a security process that combines at least two independent factors for identity verification — e.g. password plus SMS code or fingerprint.

Multi-factor authentication (MFA) requires at least two independent factors for identity verification. The three factor categories are: knowledge (e.g. password, PIN), possession (e.g. smartphone, hardware token) and inherence (e.g. fingerprint, facial recognition).

In payment transactions, MFA is a central security element. Strong Customer Authentication (SCA) according to PSD2 requires at least two factors for electronic payments in the EU. In Switzerland, there is no direct PSD2 obligation, but most banks and payment providers use MFA as standard — for example, with 3D Secure or during e-banking login.

For merchants, MFA means higher security in payments and less fraud, but potentially more friction in the checkout. Modern implementations (e.g. 3DS2 with frictionless flow) minimize the impact on conversion.

MFA Examples

A customer pays online with a credit card. 3D Secure requires confirmation via banking app (possession) — that is MFA.

A merchant logs into the dashboard of their PSP. In addition to the password (knowledge), they must enter a code from the authenticator app (possession).

Apple Pay uses Face ID (inherence) plus the registered iPhone (possession) as two factors for every payment.

MFA FAQ

What is multi-factor authentication?

MFA is a security procedure that combines at least two independent factors for identity verification: knowledge (password), possession (smartphone) and/or inherence (fingerprint).

Is MFA mandatory for online payments?

In the EU, MFA (as Strong Customer Authentication) is mandatory for most online payments under PSD2. In Switzerland, there is no direct obligation, but most banks and PSPs use MFA by default.

How does MFA affect the conversion rate?

MFA can slightly lower conversion because an additional step is required. Modern implementations such as 3DS2 with frictionless flow minimize this effect by waving through low-risk transactions without interaction.

What is Strong Customer Authentication (SCA)?

SCA is the requirement under PSD2 to use at least two authentication factors for electronic payments. It is the regulatory equivalent of MFA in payment transactions.