Overview

According to the Berlin Group Implementation Guidelines, the PSU can carry out strong authentication using different methods. Commerzbank supports the following one(s):

Redirect OAuth2 SCA Approach

The PSU is redirected from the TPP interface to a web browser in order to perform her/his SCA.

Decoupled SCA Approach

The PSU is redirected according to her/his usual/preferred authentication mechanisms. In this approach, the PSU will receive a message from Commerzbank through the TPP interface inviting her/him to finalize her/his authentication through her/his mobile banking application or any other authentication mechanism offered by Commerzbank. Additionally, Commerzbank might use other notification channels to inform the PSU (push notifications on her/his mobile device, email, SMS, phone call, etc.).


Redirect OAuth2 SCA Approach
Description

To carry out her/his strong authentication on the ASPSP side, the PSU will be redirected from the TPP App through several pages within the workflow described below.

Login Screen

AIS Signature Screen

Before being redirected to the TPP App, the PSU will access a redirection screen with some context related to the given authorisation. This screen is slightly different for AIS and PIS.

AIS Redirection Screen

PIS Redirection Screen


Decoupled SCA Approach
Decoupled SCA messages
Two factor authentication

Confirmation screen

Decoupled validated
Error Management