Transition to PSR & PSD3 Diana Kučerová 12. 1. 2026

Strong Customer Authentication: Transition to PSR & PSD3

ARRANGE A MEETING Button
01

Transition to PSR & PSD3

Are you ready for the new EU standards for SCA?

While the PSD2 directive introduced the Strong Customer Authentication (SCA) standard and gave rise to modern mobile keys, the new PSR regulation pushes the boundaries of security and accessibility even further.

It builds on a proven combination of factors that verify your identity, but introduces fundamental changes in the obligation to offer alternatives to smartphones.

The basis of SCA remains the compliance of at least two of the following pillars:

Icon
Knowledge

Traditional authentication using information you know – typically a password or PIN.

Icon
Possession

A physical object in your hands, such as a HW token, smart card, or smartphone.

Icon
Inherence

Your unique biometric features – most commonly fingerprint, FaceID, or behavioral biometrics.

2560x1440_psr-psd3_02
Use of SCA
Strong Customer Authentication must be used when a client:
Icon
Accesses their payment account online;
Icon
Accesses payment account information;
Icon
Initiates a payment order for an electronic payment transaction (including direct debits and subscriptions according to Art. 85);
Icon
Any remote action with a risk of payment fraud or other misuse.

If a financial institution fails to provide the necessary services for strong customer authentication, it bears full responsibility for any resulting financial losses. According to Article 58 (PSR), providers are in such cases obliged to compensate all affected parties for damages.

When will PSD3 and PSR become effective?

Q1–Q2 2026 | Final political agreement
Expected conclusion of the legislative process at the EU level.

2026–2027 | PSR Regulation in force
The regulation becomes effective immediately upon publication in the Official Journal of the EU (expected: mid-2026).

2027–2028 | Full application of PSD3
Deadline for transposition of the directive into the national legislation of member states (typically 18–24 months from approval).

Providers must not make strong authentication (SCA) conditional on a single method, nor directly or indirectly require ownership of a smartphone.

What are the options beyond a mobile token?

Monet+ offers proven solutions that allow banks to fulfill the obligation of alternative SCA methods and ensure the highest security:

SmartCard

A chip card with the possibility of expanding functionalities (QSCD).

USBToken

A hardware key in the form of a USB flash drive (QSCD).

OTPToken

A device generating one-time passwords/codes.

BYOK+ desktop application

Support for clients’ own FIDO2 tokens (e.g., Thales, Yubico) with the provision of a banking client application for authorizations.

I AM INTERESTED Button
A Trusted Partner
How does Monet+ help?

Our solutions are designed for full compliance with the strictest PSD3/PSR requirements, emphasizing security and user comfort.

1
HW Supply and Personalization

We own a personalization line located in the Czech Republic for SmartCard, USB, and OTP tokens.

2
Targeted HW Distribution

We send tokens directly to your clients worldwide. We can ensure that tokens reach your clients' hands securely and on time.

3
Software Ecosystem

Comprehensive tools for token management and their integration into the banking environment.

4
Support for Standards

Easy integration of client applications and support for external keys (BYOK).

I WANT A CONSULTATION Button
comp-reader-card_3
Find out how we can help you with a timely transition to the new PSR standards.
ARRANGE A MEETING Button
Scroll to Top