{"id":3069,"date":"2025-10-14T19:08:35","date_gmt":"2025-10-14T17:08:35","guid":{"rendered":"https:\/\/www.betaalvereniging.nl\/en\/?post_type=btv_wiki&#038;p=3069"},"modified":"2026-02-26T11:37:39","modified_gmt":"2026-02-26T10:37:39","slug":"two-factor-authentication","status":"publish","type":"btv_wiki","link":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/","title":{"rendered":"Two-factor Authentication (2FA)"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-what-is-two-factor-authentication\">What is two-factor authentication?<\/h2>\n\n\n\n<p><strong><a class=\"internal-link-juicer-keyword-link\" href=\"https:\/\/www.betaalvereniging.nl\/en\/glossary\/2fa\/\">2FA<\/a><\/strong> is also known as \u2018two-step security\u2019 and uses two different and personal factors to securely approve something digitally. It is used for logging in and digitally approving transactions, such as payments. In the EU, the use of 2FA is legally required for many digital payments, based on the <a href=\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/european-legislation\/psd2\/\" type=\"btv_wiki\" id=\"2970\"><strong><u>Revised Payment Services Directive<\/u><\/strong><\/a><strong> (PSD2)<\/strong>. 2FA protects digital payments against fraud.<\/p>\n\n\n\n<p>Two-step verification is a form of <strong><em>Strong Customer Authentication<\/em><\/strong> (SCA). A user must provide two of three different types of factors digitally in order to log in or approve something digitally, such as a payment:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Something that only this user knows<\/strong> \u2013 a fingerprint or facial recognition;<\/li>\n\n\n\n<li><strong>Something only this user knows<\/strong> \u2013 such as a secret number or letter code;<\/li>\n\n\n\n<li><strong>Something only this user possesses<\/strong> \u2013 such as a debit card, smartphone, or smartwatch;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-is-2fa-important\">Why is 2FA important?<\/h2>\n\n\n\n<p>2FA provides an <strong>extra layer of protection<\/strong> against certain types of fraud. For banks, payment services, and governments, this strong customer authentication is essential for securely and reliably recognizing customers digitally.<\/p>\n\n\n\n<p>Not only under PSD2, but also under the <strong>eIDAS Regulation<\/strong> for digital identification services, 2FA is a legal requirement, for example for the future <strong>EUDI Wallet<\/strong> (<em>EU Digital Identity<\/em>). Strong customer authentication with 2FA is then required when providing personal data or a digital signature with an EUDI Wallet.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-2fa-in-practice\">2FA in practice<\/h2>\n\n\n\n<p>Recognizable examples of two-step security are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Paying \u20ac100 with a <a href=\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/card-payments\/payment-cards\/\" type=\"link\" id=\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/card-payments\/payment-cards\/\"><strong><u>debit card<\/u><\/strong><\/a> (personal property) and a secret PIN code (personal number code);<\/li>\n\n\n\n<li>Logging into a mobile banking app with fingerprint or facial recognition (personal characteristic) on a unique personal smartphone (personal property);<\/li>\n\n\n\n<li>Logging into the tax authorities with five secret digits (personal numeric code) in the DigiD app on a personal smartphone (personal property);<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-exceptions\">Exceptions<\/h2>\n\n\n\n<p>SCA (with 2FA) is not always mandatory for payments. <strong>PSD2<\/strong> mentions a few exceptions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>For low amounts<\/strong>: payments up to \u20ac50 are usually exempt from SCA, for a limited number of repetitions.<\/li>\n\n\n\n<li><strong>For recurring payments<\/strong>: SCA is only mandatory for the first payment.<\/li>\n\n\n\n<li><strong>For payments to a known party<\/strong>: the user can sometimes designate certain beneficiaries whom they trust and for whom SCA is not required.<\/li>\n\n\n\n<li><strong>For low risk<\/strong>: a payment service provider may disable SCA if it assesses the risk to be low; if something does go wrong, it will also be liable for the damage.<\/li>\n<\/ul>\n\n\n\n<p>The <strong>payment service provider<\/strong> determines whether or not to apply SCA. That service provider remains responsible for compliance with PSD2, not the payer or recipient.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-role-of-the-dutch-payments-association\">The role of the Dutch Payments Association<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We monitor developments relating to PSD2, PSD3, PSR, eIDAS 2.0 and the <strong>EUDI Wallet<\/strong> and represent the interests of the Dutch payments sector in Brussels.<\/li>\n\n\n\n<li>We respond to legislative consultations on behalf of our members and support our members in complying with laws and regulations for identification and authentication.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Two-factor authentication (2FA) adds an extra layer of security to digital transactions. Its use is legally required in the EU for digital payments above \u20ac50. It also plays an important role in eIDAS, for the future European Digital Identity Wallet (EUDI Wallet).<\/p>\n","protected":false},"featured_media":869,"parent":12,"menu_order":0,"template":"","meta":{"_acf_changed":true,"editor_notices":[]},"btv_subject_tax":[10],"class_list":["post-3069","btv_wiki","type-btv_wiki","status-publish","has-post-thumbnail","hentry","btv_subject_tax-digital-identity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin  - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Two-factor Authentication (2FA) - Dutch Payments Association<\/title>\n<meta name=\"description\" content=\"Two-factor Authentication (2FA) secures digital payments with two personal factors under PSD2 and strong customer rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Two-factor Authentication (2FA)\" \/>\n<meta property=\"og:description\" content=\"Two-factor Authentication (2FA) secures digital payments with two personal factors under PSD2 and strong customer rules.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"Dutch Payments Association\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-26T10:37:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@NLbetalen\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/\",\"url\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/\",\"name\":\"Two-factor Authentication (2FA) - Dutch Payments Association\",\"isPartOf\":{\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg\",\"datePublished\":\"2025-10-14T17:08:35+00:00\",\"dateModified\":\"2026-02-26T10:37:39+00:00\",\"description\":\"Two-factor Authentication (2FA) secures digital payments with two personal factors under PSD2 and strong customer rules.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#primaryimage\",\"url\":\"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg\",\"contentUrl\":\"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg\",\"width\":768,\"height\":432,\"caption\":\"Persoon houdt smartphone boven laptop vast, klaar om online bankzaken of een digitale betaling te bevestigen.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.betaalvereniging.nl\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Knowledge base\",\"item\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Digital identity\",\"item\":\"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Two-factor Authentication (2FA)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.betaalvereniging.nl\/en\/#website\",\"url\":\"https:\/\/www.betaalvereniging.nl\/en\/\",\"name\":\"Dutch Payments Association\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.betaalvereniging.nl\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Two-factor Authentication (2FA) - Dutch Payments Association","description":"Two-factor Authentication (2FA) secures digital payments with two personal factors under PSD2 and strong customer rules.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/","og_locale":"en_US","og_type":"article","og_title":"Two-factor Authentication (2FA)","og_description":"Two-factor Authentication (2FA) secures digital payments with two personal factors under PSD2 and strong customer rules.","og_url":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/","og_site_name":"Dutch Payments Association","article_modified_time":"2026-02-26T10:37:39+00:00","og_image":[{"width":768,"height":432,"url":"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@NLbetalen","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/","url":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/","name":"Two-factor Authentication (2FA) - Dutch Payments Association","isPartOf":{"@id":"https:\/\/www.betaalvereniging.nl\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#primaryimage"},"image":{"@id":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg","datePublished":"2025-10-14T17:08:35+00:00","dateModified":"2026-02-26T10:37:39+00:00","description":"Two-factor Authentication (2FA) secures digital payments with two personal factors under PSD2 and strong customer rules.","breadcrumb":{"@id":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#primaryimage","url":"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg","contentUrl":"https:\/\/www.betaalvereniging.nl\/en\/wp-content\/uploads\/sites\/4\/2025\/09\/b933ce3e-2fc2-4545-92b2-d0888c961db0-768x432-1.jpg","width":768,"height":432,"caption":"Persoon houdt smartphone boven laptop vast, klaar om online bankzaken of een digitale betaling te bevestigen."},{"@type":"BreadcrumbList","@id":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/two-factor-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.betaalvereniging.nl\/en\/"},{"@type":"ListItem","position":2,"name":"Knowledge base","item":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/"},{"@type":"ListItem","position":3,"name":"Digital identity","item":"https:\/\/www.betaalvereniging.nl\/en\/knowledge-base\/digital-identity\/"},{"@type":"ListItem","position":4,"name":"Two-factor Authentication (2FA)"}]},{"@type":"WebSite","@id":"https:\/\/www.betaalvereniging.nl\/en\/#website","url":"https:\/\/www.betaalvereniging.nl\/en\/","name":"Dutch Payments Association","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.betaalvereniging.nl\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/btv_wiki\/3069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/btv_wiki"}],"about":[{"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/types\/btv_wiki"}],"up":[{"embeddable":true,"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/btv_wiki\/12"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/media\/869"}],"wp:attachment":[{"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/media?parent=3069"}],"wp:term":[{"taxonomy":"btv_subject_tax","embeddable":true,"href":"https:\/\/www.betaalvereniging.nl\/en\/wp-json\/wp\/v2\/btv_subject_tax?post=3069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}