What Is Two-Factor Authentication (2FA)?

Two-Factor Authentication (2FA) adds an extra layer of protection to your account and payment actions. After entering your password, the system prompts you to confirm your identity with a second factor, such as a code from your phone.

What Is Strong Customer Authentication (SCA)?

SCA (Strong Customer Authentication) is a requirement of the European Union’s PSD2 (Payment Services Directive 2). It ensures that all electronic payments are protected using at least two independent authentication elements.

Our system fully complies with PSD2 and SCA requirements.

We Use Text Messages as an SCA Element. What Is It and Why?

In all text message (SMS) confirmation flows, we implement SCA compliant with PSD2.

Text messages are a certified method to prove device ownership.

They are always enabled for payment confirmation and cannot be turned off, as required to meet regulatory standards.

Read more about SCA above

What Has Changed in the Two-Factor Authentication Section?

Under Account Settings → Two-Factor Authentication, you’ll now find three clearly defined areas:

1. Authenticator Application (Google Authenticator)
   1. Use this to enable OTP (one-time password) codes via the Google Authenticator app. (Disabled by default)  
2. Payment Signature Used when confirming outgoing payments.
   1. SMS (SCA) is always enabled and not configurable.
   2. Optionally, you can enable either:
      1. Payment Password
      2. Or Google OTP
3. Login
   1. Used when signing into your account.
      1. Password is always required
      2. Optionally, you can enable either:
         1. SMS OTP
         2. Or Google OTP

How to Enable Google Authenticator

1. Go to Account Settings → Two-Factor Authentication. And in the Authenticator Application section, click the Edit icon.

2. Install Google Authenticator mobile app.

3. Hit 'Next' on the next screen. 

4.  Scan the QR code using your Google Authenticator mobile app.

5. Enter the 6-digit code generated by the app.

6. After verification, Google Authenticator will be enabled.

Then choose where you want to use Google OTP:

• For Login
• For Payment Signature
• Or for both

How to Disable Google Authenticator

Make sure Google OTP is not enabled for Login or Payment Signature.

If Google OTP is not in use:

1. Click the delete icon

2. Confirm the action with an SMS code

3. Google Authenticator will be successfully removed.

How Google Authenticator Works

Login

• Password is always required.

• If Google OTP is enabled, you’ll enter a 6-digit code from the app after your password.

Payment Signature

SMS is always required.

You can optionally add:

• Payment Password - you’ll enter a 6-digit code from the SMS 

• Google OTP  -  you’ll enter a 6-digit code from the app