Consumer Authentication is a mechanism used to authenticate a user that initiates a payment or accesses banking information via an API consumer application. Authentication can be configured using two or more of the following factors to minimise fraudulent activities by preventing identity theft. It authenticates the user using the following factors one at a time:

  • Knowledge: Things only the user knows, such as passwords.
  • Possession: Things only the user has, such as ATM cards.
  • Inherence: Things only the user is, such as a fingerprint.

authentication factors


Strong Customer Authentication is the term used in PSD2 for Consumer Authentication. In Strong Customer Authentication, it is mandatory to use at least two of the authentication factors mentioned above.

You can enforce Consumer Authentication for the WSO2 Open Banking solution with the use of authentication mechanisms supported in WSO2 Identity Server. For more information: