(1) In this section, “strong customer authentication” or “SCA” means authentication that is based on the use of two or more elements that are:
(a) independent, in that breach of one element does not compromise the reliability of any other element; and
(b) designed in such a way as to protect the confidentiality of the authentication data.
(2) The elements in (1)(a) must consist of two or more of the following:
(a) something known only by the User (“knowledge”);
(b) something held only by the User (“possession”); or
(c) something inherent to the User (“inherence”).