With PSD2 came Strong Customer Authentication (SCA), and with SCA came Dynamic Linking, a key component designed to prevent social engineering attacks during the processing of a transaction. It enhances SCA and is covered by the latest 3D Secure 2 upgrade.
SCA is an additional layer of security, based on at least two elements from the following categories: knowledge (something the cardholder knows, e.g., PIN, password), possession (something the cardholder owns, e.g., smartphone, token), and inherence (something the cardholder is, e.g., fingerprint, facial recognition, voice pattern).
Dynamic Linking aims to link each transaction specifically to its amount and to the recipient of the payment. The end goal is to prevent social engineering attacks such as a "man-in-the-middle" attack, in which the fraudster attempts to interrupt the connection established between the payer and the payee and hijacks the authentication code in order to authorize fraudulent transactions. If Dynamic Linking is applied, a "man-in-the-middle" attack won't succeed, because the authentication code will automatically fail if either of the linked transaction details, the transaction amount or the payee, has been altered.
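The binding described above can be sketched in a few lines. This is an added example, not code from the original page, the RTS, or the 3D Secure 2 specification. The HMAC-SHA256 construction, the shared key, the nonce, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed sample secret; assumed to be shared by the issuer and the
# cardholder's authentication device.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
NONCE_LEN = 16  # fixed length keeps the message encoding unambiguous


def canonical_details(amount: str, currency: str, payee: str) -> bytes:
    """Serialize amount and payee so distinct transactions never collide."""
    # Normalize so "49.9" and "49.90" yield the same bytes.
    amt = format(Decimal(amount).quantize(Decimal("0.01")), "f")
    fields = [amt.encode(), currency.upper().encode(), payee.encode()]
    # Length-prefix every field so field boundaries cannot be shifted.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def authentication_code(key, amount, currency, payee, nonce: bytes) -> str:
    """Code bound to the amount and payee shown to the payer."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    msg = nonce + canonical_details(amount, currency, payee)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key, code, amount, currency, payee, nonce: bytes) -> bool:
    """Issuer side: recompute over the details actually being executed."""
    expected = authentication_code(key, amount, currency, payee, nonce)
    return hmac.compare_digest(expected, code)


def demo() -> dict:
    nonce = bytes(NONCE_LEN)  # constructed; a real nonce is fresh and random
    shown = ("49.90", "EUR", "Example Bookshop")  # what the payer approved
    code = authentication_code(DEVICE_KEY, *shown, nonce)
    return {
        "unchanged": verify(DEVICE_KEY, code, *shown, nonce),
        "amount_altered": verify(DEVICE_KEY, code, "4990.00", "EUR", "Example Bookshop", nonce),
        "payee_altered": verify(DEVICE_KEY, code, "49.90", "EUR", "Other Account", nonce),
    }


if __name__ == "__main__":
    print(demo())
```

Because the verifier recomputes the code over the details it is about to execute, a code captured for one amount and payee is useless for any other transaction.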
Article 5 of the Regulatory Technical Standards (RTS) specifies the requirements for Dynamic Linking. Four main requirements need to be taken into account when discussing Dynamic Linking, and those are the following:
Implementation of SCA enhanced with Dynamic Linking impacts many participants involved in the online payment chain. To conclude, the main goals of these heightened security measures affecting the payment chain can be summarized as follows: