The law requires the use of strong customer authentication for certain kinds of service.
Estonia: A chipped identity card is used as secondary authentication when accessing digital services.
European Union: the European Banking Authority requires the use of “strong authentication”, defined to mean “multi-factor authentication”, in online payments.
Implementing multi-factor authentication into existing systems could be costly.
If designed poorly, multi-factor authentication can make a service less usable.