How does it affect payments made at my online outlet?

At present, customer authentication at secure online outlets is done by asking customers to enter their card number, its expiry date, its CVV and a one-time password (OTP) which is sent to their mobile phone by SMS.


From the moment la Autenticación Reforzada de Clientes (SCA) is required, the customer will be asked to enter their card number and its expiry date. In addition, however, the bank that has issued the card used to make the purchase will ask the customer for two of the following three types of authentication factors:

  • Knowledge: something they know. For example, their electronic banking password or certain positions of their card's PIN.
  • Possession: something they own. For example, the app linked to their smartphone or the mobile phone on which they receive the one-time passwords we send by SMS.
  • Inherence: something that "is". For example, biometric elements like facial recognition or fingerprints.


All of this must be performed by means of a secure protocol. Any outlets that aren't secure will therefore have to migrate to 3-D Secure. To migrate to this kind of protocol, the financial institution that offers the online payments gateway is responsible for setting out the necessary steps to update it.


Back to FAQs about PSD2 for outlets

For Unicaja Banco S.A., the holder of the web page, it is important to adapt to your tastes and preferences, for which we use own and third-party cookies, that gather connection data that may be linked to your registration user name, the purpose of which is to measure traffic and user interaction with the web page, to help to improve operation of the web content, as well as the services and products offered, preparing behaviour profiles, while always protecting your privacy. You may transparently choose the configuration that suits you best, without that causing any change in your usual operations.