- Question ID
-
2024_7286
- Legal act
- Directive 2015/2366/EU (PSD2)
- Topic
- Strong customer authentication and common and secure communication (incl. access)
- Article
-
4 and 98
- Paragraph
-
Article 4(30) and Article 98(1)(a)
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
- Article/Paragraph
-
Article 6 and Article 9
- Type of submitter
-
Competent authority
- Subject matter
-
Knowledge element of SCA.
- Question
-
Can an API key be considered as a Knowledge element of SCA?
- Background on the question
-
SCA means an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent.
The financial entity has chosen to use for SCA the combination of the possession element and the knowledge element.
The financial entity has only corporate customers.
For the possession element the customer has to set up an HSM in its own environment, generate a key pair, store the private key in the HSM and send the public key to the financial entity via a secure connection.
For the knowledge element, the customer has to log in to the financial entity portal, based on a user ID and an OTP (one-time password) received from the financial entity, and create what the financial entity calls an API key. The API key is created by the financial entity and during the creation the key is shown in plain text for a very short moment. After the creation the API key cannot be viewed in plain text again. The customer must securely store the API key. The financial entity suggests storing the API key in, for example, a file, database, key vault or HSM. This could also be the same HSM as used by the customer for the private key of the possession element. The hash of the API key is stored by the financial entity. The hash is used by the financial entity to validate the use of the knowledge element at the authorisation of the transaction done by the customer.
For the initiation of transactions the customer has to sign with its private key and copy the API key, as the knowledge element, into the financial entity portal.
- Submission date
- Status
-
Question under review
- Answer prepared by
-
Answer prepared by the EBA.
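The flow described in the question, both sides of it, as an added worked example; this is not code from the EBA, from the submitting competent authority or from the financial entity, and it is not the EBA's answer (which the page does not yet contain). It assumes Ed25519 for the customer's key pair (the question says only "key pair"), a per-customer salt with SHA-256 for "the hash of the API key" that the entity stores, an in-memory customer registry, a customer identifier "corp-0001" and a constructed JSON transaction payload; none of these are specified on the page. The entity keeps the public key and the salted hash only, hands out the API key plaintext once, and at transaction initiation rejects unless the hash matches in constant time and the signature verifies under the registered public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

// Per-customer record at the entity: the registered public key (possession) and
// only a salted hash of the API key (knowledge); the plaintext is never kept.
type customerRecord struct {
	pubKey     ed25519.PublicKey
	apiKeySalt []byte
	apiKeyHash []byte
}

// Entity is the financial entity; the registry is in memory (an assumption).
type Entity struct{ customers map[string]*customerRecord }

// hashAPIKey is SHA-256 over salt || key; the page says only "the hash", so
// salting and the choice of hash function are assumptions of this example.
func hashAPIKey(salt []byte, apiKey string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(apiKey))
	return h.Sum(nil)
}

// CreateAPIKey is the portal step after the user ID + OTP login: generate a
// random key, keep only its salted hash, return the plaintext exactly once.
func (e *Entity) CreateAPIKey(userID string) (string, error) {
	rec := e.customers[userID]
	if rec == nil {
		return "", errors.New("unknown customer")
	}
	buf := make([]byte, 48) // 32 bytes of key material + 16 bytes of salt
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	apiKey := hex.EncodeToString(buf[:32])
	rec.apiKeySalt, rec.apiKeyHash = buf[32:], hashAPIKey(buf[32:], apiKey)
	return apiKey, nil
}

// TransactionRequest is what the customer submits at initiation.
type TransactionRequest struct {
	UserID    string
	Payload   []byte
	Signature []byte // made with the HSM-held private key (possession)
	APIKey    string // copied into the portal (knowledge)
}

// AuthoriseTransaction accepts only when both elements verify: constant-time
// comparison of the salted hash, then a signature check under the stored key.
func (e *Entity) AuthoriseTransaction(req TransactionRequest) error {
	rec := e.customers[req.UserID]
	if rec == nil || rec.apiKeyHash == nil {
		return errors.New("customer not fully enrolled")
	}
	if subtle.ConstantTimeCompare(hashAPIKey(rec.apiKeySalt, req.APIKey), rec.apiKeyHash) != 1 {
		return errors.New("knowledge element failed: API key does not match")
	}
	if !ed25519.Verify(rec.pubKey, req.Payload, req.Signature) {
		return errors.New("possession element failed: signature does not verify")
	}
	return nil
}

// Initiate is the customer side: sign with the (HSM-held) private key, attach the stored API key.
func Initiate(userID string, priv ed25519.PrivateKey, apiKey string, payload []byte) TransactionRequest {
	return TransactionRequest{UserID: userID, Payload: payload,
		Signature: ed25519.Sign(priv, payload), APIKey: apiKey}
}

// RunScenario enrols one customer and returns the outcomes of a genuine
// transaction, one sent with a wrong API key, and one altered after signing.
func RunScenario() (genuine, wrongKey, tampered error) {
	entity := &Entity{customers: map[string]*customerRecord{}}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // key pair generated on the customer side
	if err != nil {
		return err, err, err
	}
	entity.customers["corp-0001"] = &customerRecord{pubKey: pub} // public key sent over the secure channel
	apiKey, err := entity.CreateAPIKey("corp-0001")             // shown once, then stored by the customer
	if err != nil {
		return err, err, err
	}
	// Constructed sample payload, not taken from the page.
	payload := []byte(`{"amount":"1000.00","beneficiary":"NL00TEST0000000000","ref":"INV-42"}`)
	genuine = entity.AuthoriseTransaction(Initiate("corp-0001", priv, apiKey, payload))
	wrong := Initiate("corp-0001", priv, hex.EncodeToString(make([]byte, 32)), payload)
	wrongKey = entity.AuthoriseTransaction(wrong)
	altered := Initiate("corp-0001", priv, apiKey, payload) // signature covers the original payload
	altered.Payload = []byte(`{"amount":"9000.00","beneficiary":"NL00TEST0000000000","ref":"INV-42"}`)
	tampered = entity.AuthoriseTransaction(altered)
	return genuine, wrongKey, tampered
}
```

Two points the example makes visible. First, hash-only storage means the entity cannot reproduce the API key after the one-time display, which is what the question relies on for the key being "known" only to the customer. Second, the independence requirement in Article 9 of the RTS is about the two elements, not about the entity's checks: the code verifies both, but if the customer follows the suggestion to store the API key in the same HSM that holds the signing key, one compromised store yields both elements, which is exactly the point the question puts to the EBA.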