SCA (Strong Customer Authentication)
Related service: Cybersecurity
DEFINITION
PSD2 requirement: two-of-three factors (something you know / have / are) on every online payment. 3DS 2.x is the standard implementation.
- Threat model
A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project · before any code.
- Penetration test (pentest)
Manual + tooled attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
- DevSecOps
Security as a continuously-running CI step (SAST, DAST, SCA, IaC scan), not an annual project. In this list SCA means software composition analysis, not Strong Customer Authentication. Runs against every push; every sprint closes at least one security bug.
- MFA (Multi-factor auth)
Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table-stakes in SaaS today · enterprise procurement disqualifies you without it.
- SOC 2
A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6–12 months of observation) is the standard enterprise baseline.
- ISO 27001
International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.
- 01. 22 Apr 2026: Hungarian fintech regulatory calendar 2026 · what MNB, NAV, and NAIH actually require this year
- 02. 22 Apr 2026: Payment gateway integration in Hungary · SimplePay, Stripe, Barion, Revolut Business in 2026
- 03. 20 Apr 2026: KYC integration for Hungarian fintech · the 2026 practitioner's guide
- 04. 20 Apr 2026: NIS2 for SaaS: minimum checklist for 2026
- 05. 05 Mar 2026: GDPR + AI: training on user data in 2026 · what's allowed, what isn't
- 06. 18 Feb 2026: EU AI Act for SaaS: what you actually have to do in 2026