Strong Customer Authentication (SCA) is a regulatory cornerstone for secure digital finance in the European Union. For financial institutions, it plays a key role in protecting access to accounts, authorising payments, and maintaining customer trust. With the upcoming rollout of the European Digital Identity Wallet (EUDI Wallet), a new method for enabling SCA is emerging—one that is not only compliant, but also secure, user-friendly, and ready for cross-border use.
This article explores how the EUDI Wallet can be used to perform SCA in regulated financial services, with a particular focus on payment authorisation. It will walk you through the regulatory background, show how SCA is typically handled today, and explain why wallet-based authentication is poised to replace outdated and fragmented solutions. You’ll also learn how this works technically, where it’s already being piloted, and how your institution can get started.
Whether you're in compliance, payments, IAM, or digital innovation—this guide will help you understand how to move from regulation to opportunity with wallet-based SCA.
The regulatory foundation: PSD2, eIDAS 2, and mandatory wallet acceptance
Strong Customer Authentication (SCA) was first introduced under PSD2 to enhance the security of electronic payments and access to financial data. It requires the use of at least two independent factors drawn from three categories: something the user knows (e.g. a password), something the user has (e.g. a device), and something the user is (e.g. biometrics). For financial institutions, SCA applies to a wide range of user actions, including login, initiating payments, and accessing sensitive data.
With the introduction of eIDAS 2, and specifically Article 5f, the regulatory landscape is evolving further. Under this article, all private relying parties in regulated sectors—including banks—must support the European Digital Identity Wallet for SCA-related processes by 2027, provided that the user opts to use it. This creates a new technical obligation for financial service providers: to accept credentials and authentication flows originating from EUDI Wallets that comply with the European regulatory and technical framework.
However, beyond compliance, this shift presents a significant opportunity. By supporting EUDI Wallet-based SCA, financial institutions can tap into a secure, standards-based, and interoperable infrastructure—one that promises greater user trust, lower fraud rates, and more consistent authentication experiences across borders. Rather than building and maintaining fragmented, device-specific or app-specific SCA methods, banks can rely on a harmonised wallet ecosystem that meets both technical and legal requirements.
Overview of SCA use cases in financial services
To understand the potential of the EUDI Wallet for Strong Customer Authentication, it's important to first look at the full range of actions in financial services where SCA is required under PSD2. These aren’t edge cases—they represent critical, everyday interactions between banks and their customers:
- Access to Account (Login): First-time login to online or mobile banking.
- Payment initiation: Starting a bank transfer or card transaction.
- Payment authorisation: Confirming a transaction (e.g. via 3-D Secure or app approval).
- Accessing sensitive payment data: Viewing full transaction histories or account details.
- Adding or modifying a trusted beneficiary (Whitelist): Saving a new payee.
- Setting up or changing standing orders: Managing recurring transactions.
- Changing security credentials: Updating passwords, PINs, or biometric settings.
- Changing personal information: Updating address, phone number, or email.
- Re-authentication for third party providers (TPPs): Renewing consent for external apps.
- Session re-authentication: Re-validating identity after a timeout or prolonged session.
Today, these use cases are typically handled using mobile banking apps, SMS one-time passwords (OTPs), or push notifications. While functional, these methods often come with downsides:
- High friction, especially when users switch devices or travel abroad.
- Security concerns, such as vulnerability to phishing or SIM swap attacks.
- High cancellation rates, especially in the payment checkout process with online shops.
- Fragmented experiences, varying across banks, devices, and countries.
For banks, this means managing multiple SCA methods across platforms and user segments, which raises operational costs and complexity. For users, it means managing several different apps and authentication means, which often leads to failed logins, abandoned transactions and a lot of frustration.
This is where the EUDI Wallet offers a new approach: a harmonised, cross-border European way to handle all of these SCA interactions, using verifiable credentials and secure wallet flows.
Deep dive: Enabling payment authorisation with the EUDI Wallet
Among the many Strong Customer Authentication (SCA) use cases, payment authorisation stands out as both high-impact and high-frequency. For this reason, payment authorisation is an ideal entry point for banks exploring wallet-based SCA.
The EUDI Wallet introduces a powerful mechanism to streamline this process: the payment attestation.

This is a credential issued by the financial institution and stored in the user’s wallet. When a payment needs to be authorised, the bank sends a request containing the transaction details. The user reviews the information in their EUDI Wallet and confirms the transaction by signing a data package—this includes the transaction amount, payee, and a session-specific nonce—using a device-bound key. The resulting attestation is returned and verified by the bank before the transaction is executed.
This approach not only fulfills all regulatory requirements for SCA, including dynamic linking, but also offers a significantly improved user experience. It replaces fragmented confirmation channels with a unified and secure flow. More importantly, the same structure used for signing transaction data can be reused to support a broad range of other SCA use cases—from accessing sensitive data to changing personal information—making it a future-proof building block for identity and authentication in finance.
Why the EUDI Wallet is ideal for Strong Customer Authentication
The EUDI Wallet is not just a regulatory requirement—it is a technically robust solution that maps directly to the core principles of Strong Customer Authentication (SCA). By design, it supports all three authentication factors defined under PSD2, enabling a seamless yet secure user experience.
First, the wallet itself represents the possession factor: the credential is issued by the financial institution, tied to the user’s device, and protected through secure hardware and cryptographic keys. Second, users can authenticate using biometric data or a PIN, fulfilling the inherence or knowledge factor. Together, these enable fully compliant two-factor authentication within a single, streamlined interface.
Crucially, the EUDI Wallet also supports dynamic linking, a key requirement for payment authorisation. The specific transaction details, such as the amount and payee, are displayed in the user's EUDI Wallet, and the user must confirm them before authentication is completed. These details are bound to the cryptographic signature, preventing tampering or replay attacks.
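The bank-side check behind the payment authorisation flow and dynamic linking described above can be sketched as follows. This is an added example, not code from Lissi or from the EUDI Wallet specifications: the function names, the JSON-array serialisation and the in-process P-256 key pair (standing in for the hardware-protected, device-bound key) are assumptions made for illustration.

```javascript
// Added example: bank-side verification of a wallet-signed payment authorisation.
const nodeCrypto = require('node:crypto');

// Stand-in for the device-bound key; a real wallet keeps the private key in secure hardware.
const deviceKey = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Fixed field order so bank and wallet serialise identical bytes (assumed format).
const canonical = (t) => JSON.stringify([t.amount, t.payee, t.nonce]);

const pending = new Map(); // nonce -> transaction awaiting authorisation

// Bank: build the request whose details the wallet displays to the user.
function createRequest(amount, payee) {
  const tx = { amount, payee, nonce: nodeCrypto.randomBytes(16).toString('hex') };
  pending.set(tx.nonce, tx);
  return { ...tx };
}

// Wallet (simulated): sign exactly the details that were displayed and confirmed.
function walletSign(displayed, privateKey) {
  const data = Buffer.from(canonical(displayed));
  return { signed: { ...displayed }, signature: nodeCrypto.sign('sha256', data, privateKey) };
}

// Bank: run every check before the payment is executed.
function verifyResponse(resp, publicKey) {
  const tx = pending.get(resp.signed.nonce);
  // Replay protection: the nonce must belong to an open, not yet used request.
  if (!tx) return 'unknown-or-replayed-nonce';
  // Dynamic linking: signed amount and payee must equal what the bank requested.
  if (canonical(resp.signed) !== canonical(tx)) return 'details-mismatch';
  // Possession: the signature must verify under the key bound to the credential.
  const data = Buffer.from(canonical(tx));
  if (!nodeCrypto.verify('sha256', data, publicKey, resp.signature)) return 'bad-signature';
  pending.delete(tx.nonce); // consume the nonce so the response cannot be reused
  return 'ok';
}
```

The signature is verified over the bank's own copy of the transaction, so a response only passes if the wallet signed the same amount, payee and nonce that the bank issued.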
How financial institutions can get started today
The adoption of the EUDI Wallet for Strong Customer Authentication (SCA) is already underway across Europe. Large-scale pilot projects such as EWC and NOBID are actively testing wallet-based payment authorisation flows in real-world settings, involving financial institutions, identity providers, and wallet providers. These pilots not only validate the user experience and technical feasibility but also contribute to the development of the common standards that will soon underpin the EUDI Wallet ecosystem.
Behind the scenes, a complex governance process is shaping the framework. Specifications are developed and refined within multiple consortia, then submitted to the European Commission, where they inform the Architecture and Reference Framework (ARF). From there, they will be formalized into Implementing Acts, making them binding for private and public sector actors across the EU.
For banks, waiting until the final legal deadline to implement the EUDI Wallet is not a viable strategy—nor is trying to manage the transition alone. Regulatory requirements under eIDAS 2 are still evolving, with key elements like trust list handling, revocation processes, and metadata specifications yet to be finalised. At the same time, the final requirements in the market remain uncertain: national implementations differ, best practices are fragmented, and large-scale pilots are still shaping the standards.
From a technical perspective, institutions must align with a complex mix of moving parts—including credential formats like SD-JWT VC and MDOC, communication protocols such as OpenID4VC, emerging trust frameworks, and the specific logic behind SCA flows like payment attestations. Limited testing environments and ongoing standard changes make this even harder.
Approaching this without an experienced partner typically requires building a dedicated team across legal, product, and engineering, easily amounting to a seven-figure investment that also requires constant maintenance. Working with a specialist like Lissi dramatically reduces cost, time, and complexity, enabling banks to stay ahead of compliance and innovation.
Why Lissi: your partner for wallet-based SCA
Lissi is a leading provider of EUDI Wallet infrastructure, offering everything financial institutions need to implement Strong Customer Authentication—both in pilot environments and in preparation for production deployment. While our core product is the Lissi Wallet Connector, a stable API-based solution for interacting with all EUDI Wallets, we also offer an ARF-compliant wallet that fully supports SCA, credential issuance, and wallet-based KYC processes for stable piloting.
Unlike many fragmented solutions on the market, we ensure continuous compatibility between our Connector and Wallet—and go a step further by actively testing interoperability with multiple wallets, including the reference implementation and government-issued solutions. Our deep involvement in European pilots, such as EWC, and our continued work on financial use cases in the upcoming “We Build” Large-Scale Pilot initiative, ensure that our solutions remain aligned with the latest specifications and developments across the ecosystem.
Trusted by banks such as Commerzbank and ING, our Starter Program combines robust technology with comprehensive support. Clients receive access to our cloud and on-premise software components and benefit from technical onboarding, API integration support, and deployment guidance. Beyond the technical layer, we offer strategic consulting on use cases, user experience, eIDAS 2.0 compliance, and developments in the EU wallet landscape—ensuring every institution is equipped to implement the EUDI Wallet securely, efficiently, and in line with current and future regulations.