SCA is mandated in PSD2 as way to add more security to online payments and online banking transactions.
The authentication is considered strong if a shopper is able to provide two out of the following factors:
- Something the shopper has.
- Something the shopper knows.
- Something the shopper is.
For example, a shopper is required to supply a one-time authentication code received on their phone (something the shopper has), and a password that only the shopper knows (something the shopper knows).