Related content
Strong Customer Authentication
Standard SCA
- Reduce risk of fraud
- Increase consumer trust
- Grow competitor landscape
WorldFirst remain committed to continue protecting customers against fraud and cybercrime.
With PSD2 casting a huge spotlight on the need to improve security in the payments space, ‘strong customer authentication’ (SCA) has been introduced as a key component in ensuring this happens. SCA provides consumer protection and aims to reduce the risk of unauthorised transactions and fraud. Along with open access, SCA is a core component of the Regulatory Technical Standards (RTS) introduced under PSD2.
Adding an extra layer of security onto the traditional username and password, two-factor authentication (2FA) is a crucial part of SCA. A common form of 2FA is the delivery of a one-time passcode that is sent to the mobile phone number associated to your account. Initially, WorldFirst delivered these codes by SMS. With standard SCA, you are required to enter your username and password along with a one-time passcode that is sent to the mobile phone number, associated with your account, via SMS.
SCA at WorldFirst for our mobile platforms
If you use one of our WorldFirst apps we will be asking you at login, when you add or manage a beneficiary or when you make a payment to use your biometrics (fingerprint or facial recognition).
If you have an older device that doesn’t support biometrics you will be asked to enter your unique pass code.
Can I avoid having to use 2FA on my WorldFirst account?
Customers based in the EEA, who have signed up to WFUK T&Cs or are affiliated or conduct business with an entity/person within the EEA cannot opt-out of 2FA/SCA.
Is Secure Customer Authentication via SMS secure?
Yes. The use of Secure Customer Authentication (SCA) using SMS or voice is more secure than not having any form of SCA at all. Stealing information via SMS is significantly more difficult for cybercriminals.
If you’re concerned about the risk of sim swap, we recommend that you download the Authy app which generates a Time-based One-Time Passcode (TOTP) for login.
Login
How can I login with SCA?
Upon login, you will need to authenticate yourself by entering your username and password. You should never share these credentials with anyone else.
You will then be asked to authenticate with a one-time code that will be delivered by SMS or the Authy App.
Logging in with SMS
If you are not registered with the Authy app, after you enter your username & password, you will be presented with an additional screen, where you will be asked to enter a 6-digit code in order to finish the authentication process.
This code will be delivered via text message (SMS) and can also be delivered via text to voice on landlines for those in poor coverage areas*.
*subject to the functionality being supported by the national telephony infrastructure.
Logging with the Authy app
If you have the Authy app and have registered the same number that WorldFirst has on account, and have previously logged in successfully, you will be presented with an additional screen, where you will be asked to enter a 6-digit code in order to finish the authentication process.
This code will be delivered via the Authy app. This 6-digit code refreshes every 20 seconds. You can read the code from multiple Authy devices. Once you have Authy you will no longer receive an SMS each time you login, unless you manually select SMS as your method of verification. If you select SMS you should follow the steps above.
Please note: for customers logging in the for the first time, if you have the Authy app, verification will still be sent via SMS. On subsequent logins, verifications will be sent to the app, unless you opt for SMS. For more information on the Authy app you can follow our guide.
Login with mobile apps
If you log into the WorldFirst Money Transfer App or the International Collections Account App (formerly the World Account App) you will be required to enter the username and password that you use to login to our online platform.
You will then receive an SMS to the verified phone number set up on the online platform to login. Following this, you will need to create a unique pin and/or enable biometrics for any subsequent logins.
Beneficiaries
How can I make my beneficiaries trusted?
Upon login, you will need to authenticate yourself by entering your username and password. You should never share these credentials with anyone else.
You will then be asked to authenticate with a one-time code that will be delivered by SMS or the Authy App.
Trusting beneficiaries via SMS
For customers not registered with Authy, your 6-digit code will be delivered via text message (SMS). This will not be the same 6-digit code you used to log in.
The SMS text message will also contain the beneficiary name that you are adding. SMS messages can also be delivered via text to voice on landlines for those in poor coverage areas.
What if I am unable to authenticate?
If you are unable to successfully authenticate by SMS or the Authy app then the beneficiary will be saved as ‘untrusted’.
You will need to re-authenticate using SCA (SMS or Authy) to make the beneficiary trusted.
Payments
How do I authenticate a payment?
Payment authentication via SMS:
There will be an additional screen, where you will be asked to enter a 6-digit code in order to finish the authentication process
This will be delivered via SMS text message (it can also be delivered via text to voice on landlines* for those in poor coverage areas) .
The SMS text message will feature additional information:
- If you are instructing a single payment it will include the total amount you are paying and the full name of the beneficiary
- If you are instructing multiple payments, you will see the total sum amount you are paying and the sum of the beneficiaries you are paying
*Subject to the national telephony infrastructure in your location supporting this functionality
What if I am unable to authenticate via SMS?
Unfortunately, if you are unable to successfully authenticate a payment using SMS then that deal will not be booked, and no payment will be made.
You will either need to re-authenticate using SCA or contact your account manager to book a telephone deal.
No payment can be made online without successful strong customer authentication.
Further FAQs
Will things change in the near future?
Account security is something we all take very seriously and must continually develop, review and improve.
We are already starting to investigate alternative methods for authentication to make managing your account even more convenient without compromising on security.
I live in an area with poor mobile phone coverage, how can I receive my SMS text message?
If you cannot authenticate with SMS or telephony, download the Authy App and authenticate via internet access on your mobile, tablet or desktop.
You can download Authy App with SMS (telephony not yet available).
Once you have the Authy App available then you can authenticate on multiple devices.
How do I inform WorldFirst that I have a new phone number for SMS authentication?
Log into your account with your existing device and enter your new number under your profile settings.
You will first receive an SMS with a 6-digit code to your existing device before you then receive an SMS with a new 6-digit code on your new device to verify your new number.
All new SCA codes will now be sent to your new mobile phone number.
In the case of theft or loss with your existing verified device please contact your dedicated account manager to inform them of any change to your mobile number.
