General information

XS2A interface offers embedded and decoupled SCA approaches with a selection of SCA methods as mechanisms of payments and consent authorisation.

Within the embedded approach, the communication between PSU and ASPSP is done through XS2A and TPP interfaces where

  • ASPSP validates PSU credentials and the 2nd factor;

  • XS2A provides TPP with authorisation instructions and error information;

  • TPP provides PSU with authorisation instructions and error information.

The step when PSU receives the 2nd factor from ASPSP is handled directly between PSU and ASPSP - outside the embedded SCA flow.

Within the decoupled approach, the communication between PSU and ASPSP is done through XS2A and TPP interfaces where

  • ASPSP validates PSU credentials and the 2nd factor;

  • XS2A provides TPP with authorisation instructions and error information;

  • TPP provides PSU with authorisation instructions and error information.

The steps when PSU receives the 2nd factor from ASPSP and provides it back to ASPSP for validation are handled directly between PSU and ASPSP - outside the decoupled SCA flow.

Flow diagrams

The diagrams below give a high-level overview of the embedded SCA message flow during payments and consent authorisation.

Consent creation and authorisation

More details about consent authorisation are available at Creation and Authorisation of an AIS Consent in Steps

Payment initiation and authorisation

More details about payment authorisation are available at Initiation and Authorisation of a Payment in Steps

Supported SCA methods

Currently, supported SCA methods

  • CHIP_OTP - triggers embedded SCA

  • SMS_OTP - triggers embedded SCA

  • PUSH_OTP - triggers decoupled SCA

More information about SCA methods can be found in Sandbox Test Accounts and Test Data