Banks as well as all other payment service providers must use “two factor authentication” for payment transactions with effect from 14.09.2019 due to an EU-wide regulation. This means that
you must verify your identity by means of two factors.
In a first step, 3 legal categories must be differentiated between:
Thereafter the payment service provider selects two factors from the categories listed. Which factor are specifically chosen, is left up to the payment service provider to decide, the only condition being that the factors are from two different categories. The purpose of this rule is to minimise fraud and also to further increase the security of payment transactions.
Other variants are also permissible, as long as two factors from two different categories are chosen. It remains at the bank’s discretion which factors and variants it chooses to use and offer. There are a lot of providers in the market that offer various different offers, and you in turn are free to choose the provider that suits about with the corresponding authentication procedure.
The Financial Market Authority’s task is to monitor whether your bank uses a two factor authentication process. The FMA is not however able to influence which variants your bank uses as well as how many different variants it offers. Further information about strong customer authentication can be found at: https://www.fma.gv.at/en/fma-spotlight-on/information-on-strong-customer-authentication/.