At Swan, consent is built in. This is quite special, because other BaaS providers have their clients do it themselves. Setting up consent can be a real bother, and we are happy to take it off your hands.
Some operations at Swan, such as initiating a payment, are sensitive and require user consent. This is obtained by sending a text message to the user. The user then consents via the web browser.
To protect the user and comply with legal requirements, consent can be given through a Strong Customer Authentication.
Strong Customer Authentication (SCA) is a requirement that the EU Revised Directive on Payment Services (PSD2) places on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, which increases their security.
When integrating SCA, the `oAuthUrl` shouldn't be displayed in an iFrame. When clicked, the links should respect one of the following behaviors:
1. The link opens a pop-up that redirects the user to another page. Upon redirect, the pop-up closes automatically.
2. The link opens within the same page, then redirects the user to the rest of the flow.
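One way to open the consent link following the two behaviors above, as an added example that is not Swan's own code. The allowlisted host `consent.example.com`, the function names, the options and the `win` parameter (the browser `window`, passed in so the logic can be exercised outside a browser) are assumptions made for illustration.

```javascript
// Added example: host name, function names and options are hypothetical.
const ALLOWED_HOSTS = new Set(["consent.example.com"]); // placeholder host

// Vet the consent URL before navigating to it: https only, expected host only.
function checkConsentUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { throw new Error("consent URL is not a valid URL"); }
  if (url.protocol !== "https:") throw new Error("consent URL must use https");
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error("unexpected consent host: " + url.hostname);
  }
  return url.href;
}

// Behavior 1: open the consent page in a pop-up and notice when it closes.
// Behavior 2: if the pop-up is blocked, continue in the same page instead.
// The URL is only ever opened as a top-level page, never placed in an iframe.
function startConsent(win, rawUrl, { onClosed = () => {}, pollMs = 500 } = {}) {
  const href = checkConsentUrl(rawUrl);
  const popup = win.open(href, "consent", "popup,width=480,height=720");
  if (!popup) {
    win.location.assign(href); // same-page flow
    return "same-page";
  }
  // Poll until the pop-up has closed, then let the caller refresh its state.
  const timer = win.setInterval(() => {
    if (popup.closed) {
      win.clearInterval(timer);
      onClosed();
    }
  }, pollMs);
  return "popup";
}
```

In a page, call `startConsent(window, url, { onClosed })` from the click handler of the consent link so the browser treats the pop-up as user-initiated.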
When a Strong Customer Authentication is necessary, users can consent from their mobile devices. They'll receive a text message requesting their consent. Then, the user must enter their 6-digit security passcode or use biometrics when available.
If the end user doesn't receive a text message, they can either request the text message be sent again or consent by scanning a QR code.
Example of FaceID used to validate a transfer
The following mutations concern sensitive operations, and could require consent: