Within the embedded approach, the communication between PSU(end user) and ASPSP is done through the XS2A and the TPP interfaces, where
- ASPSP validates PSU credentials and the 2nd factor;
- XS2A provides TPP with authorisation instructions and error information;
- TPP provides PSU with authorisation instructions and error information.
The step when PSU receives the 2nd factor from ASPSP is handled directly between PSU and ASPSP - outside of the embedded SCA flow.
The diagrams below provides an overview of the embedded SCA message flow during payments and consent authorisation.
Consent authorisation with embedded SCA
Payment authorisation with embedded SCA
More details about payment authorisation are available at
More details about consent authorisation are available at
Supported SCA Methods
Currently supported SCA methods in XS2A are:
More information about SCA methods can be found in 09. Sandbox Test Accounts and Test Data.