Two-factor authentication + risk-based exemptions: balancing UX and security with 3DS2.
SCA requirements
- Two independent factors (from knowledge, possession, biometrics).
- Low amount exemption (30 EUR / transaction).
- Cumulative exemption limit.
3DS2 architecture
- Frictionless flow: 95% smooth operation.
- Challenge flow: high risk.
- SDK + browser flow.
Risk management
- Behavioral analytics.
- Device fingerprinting.
- Geographic anomaly.
Frequently asked questions
What if the frictionless percentage is low?
Risk score improvement + 3DS2 SDK update.
Biometric data under KVKK?
Special-category data; explicit consent + strict retention.
How to achieve a low failure rate?
Consumer education + UX improvement + bank selection.
Relevant legislation
- Law No. 6493 — Payment & electronic money; licensing, operating permit.
- BRSA Regulations — Payment institution / EML permission, capital, reporting.
- Law No. 5549 — MASAK; KYC, STR, regular activity.
- KVKK + GDPR — Data security, cross-border transfer.
- PCI-DSS — Card storage; PCI level 1-4 compliance.