Strong customer authentication

With PSD2 casting a huge spotlight on the need to improve security in the payments space, strong customer authentication” (SCA) is one of the key components in ensuring this happens.

Adding an extra layer of security onto the traditional username and password, two-factor authentication (2FA) is a crucial part of SCA. A common form of 2FA is the delivery of a one-time passcode that is sent to the mobile phone number attached to your account.

Initially, WorldFirst will be delivering these codes by SMS. This greatly reduces the likelihood of fraudulent activity taking place should your login information ever become compromised.

SCA at WorldFirst for our online platform

This will work in much the same way that 2FA does for login, whereby you are required to enter a one-time passcode, except now this will be required at the point you add or manage a beneficiary, and when you make a payment.

SCA at WorldFirst for our mobile platforms

If you use one of our WorldFirst apps we will be asking you at login, when you add or manage a beneficiary or when you make a payment to use your biometrics (fingerprint or facial recognition). If you have an older device that doesn’t support biometrics you will be asked to enter your unique pass code.


By the 14th September 2019 all WorldFirst clients based in the European Economic Area or who have signed up to the WorldFirst UK &T&Cs will be required to use the WorldFirst 2FA/SCA solution.

Previously customers have been able to opt out of this requirement, however please note that from this date that will no longer be possible if you’re in the EEA or have agreed to our WFUK T&Cs. Please contact your account manager if you have any concerns on how these changes will impact you.