Secure Customer Authentication (SCA), combined with the requirement for end-users to reauthenticate every 90 days, is meant to provide a secure and reliable way for consumer to connect their bank accounts to regulated fintech services. Or at least that was the intention when it was enshrined in law as part of PSD2’s Regulatory Technical Standards (RTS). But the road to Hell is paved with good intention, and the path that SCA and the 90 Day Reauth rule have created has been chthonic at best, and hellish at worst: the entire Open Banking market has suffered from lost revenues, lost opportunities, and less innovation with fewer value propositions brought to market because of it.
