Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a security process that combines at least two independent factors for identity verification — e.g. password plus SMS code or fingerprint.

Multi-factor authentication (MFA) requires at least two independent factors for identity verification. The three factor categories are: knowledge (e.g. password, PIN), possession (e.g. smartphone, hardware token) and inherence (e.g. fingerprint, facial recognition).

In payment transactions, MFA is a central security element. Strong Customer Authentication (SCA) according to PSD2 requires at least two factors for electronic payments in the EU. In Switzerland, there is no direct PSD2 obligation, but most banks and payment providers use MFA as standard — for example, with 3D Secure or during e-banking login.

For merchants, MFA means: higher security for payments, less fraud, but potentially more friction in the checkout. Modern implementations (e.g. 3DS2 with Frictionless Flow) minimise the impact on your conversion.

MFA examples

A customer pays online with a credit card. 3D Secure requires confirmation via a banking app (possession) — this is MFA.

A merchant logs into the Dashboard of their PSP. In addition to the password (knowledge), they must enter a code from the authenticator app (possession).

Apple Pay uses Face ID (inherence) plus the registered iPhone (possession) as two factors for every payment.

MFA FAQ

What is multi-factor authentication?

MFA is a security process that combines at least two independent factors for identity verification: knowledge (password), possession (smartphone) and/or inherence (fingerprint).

Is MFA mandatory for online payments?

In the EU, MFA (as Strong Customer Authentication) is mandatory for most online payments under PSD2. In Switzerland, there is no direct obligation, but most banks and PSPs use MFA by default.

How does MFA affect your conversion rate?

MFA can slightly lower your conversion rate because an additional step is required. Modern implementations like 3DS2 with Frictionless Flow minimise this effect by waving through low-risk transactions without interaction.

What is Strong Customer Authentication (SCA)?

SCA is the obligation under PSD2 to use at least two authentication factors for electronic payments. It is the regulatory counterpart to MFA in payment transactions.