What is PSD2?

The European Union’s revised Payment Services Directive (PSD) is a directive implemented to regulate payment services and payment providers throughout the EU and EEA. The Second Payment Directive, otherwise known as PSD2, is the latest update to this legislation which tightens regulations and requirements around the handling of online payments and card data.

The new directive, comprising of 90 pages of legislation, includes Strong Customer Authentication (SCA) requirements and updates to 3D Secure. 

 

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) reduces fraudulent card usage through the requirement of additional validation steps when making payments by card online. To make this possible, SCA required an update to the existing 3D Secure protocol. In general, the verification flow of 3D Secure 2.0 is similar to the 3DS 1.0 flow, but in most cases, it does not require customer identity verification as the card issueing bank can make this decision. Where a customers’ bank has implemented the functionality, a customer may be required to confirm the online transaction by confirming a notification on their mobile device.

Ultimately, PSD2 and SCA have been implemented to improve the security of card payments online and increase competition amongst payment providers, giving consumers greater choice and security.

 

Who does PSD2 affect?

Banks – PSD2 allows third-party payment providers to access bank accounts of customers, view information and initiate a payment through a bank directly, without the need for merchant accounts.

Consumers – Through direct integration to their bank accounts, consumers will get a greater choice of payment methods. PSD2 also aims to improve consumer rights through the prohibition of surcharges on credit cards, debit cards and prepaid cards within the EU.

Third-party payment providers – Progressive payment providers have an opportunity to capitalise on this new access to financial institutions by creating new payment services and providing merchants with more payment methods.

Online merchants – For merchants selling to EU customers, it is their responsibility to ensure they and their chosen third-party payment providers are compliant with the new legislation.

Impact on merchants

The new requirements for SCA will come into force from 14th September 2019 when the rejection of transactions not properly authenticated may begin by banks. It is, therefore, the responsibility of every merchant selling within the EU to ensure they are compliant with PSD2 ahead of this date. There has been talk of this deadline extending, but our advice would be to be prepared for mid-September to avoid the following:

  • An increase in failed transactions
  • Increase in declined transactions from the card-issuing banks
  • Being forced to comply by your merchant bank

AYKO Professional Services team have been aware of this change to online payments since early 2019 and have carried out extensive research around this. Firstly, to ensure our partners were aware of this new legislation and compliant, and secondly to enable our customers to be compliant or take the necessary measures to become so.

Impacts for Magento Payment Extensions

Magento recently released a statement regarding PSD2 and mentioned the payment providers that have the requirements embedded in their core, including PayPal, Braintree, Authorize.net, CyberSource and eWay. 

To be clear, this does not mean that other third-party payment providers are not supporting the PSD2 SCA requirements. Many other payment providers including our partners at Checkout.com and Adyen have also updated their Magento extensions for Magento 1 and Magento 2 in line with PSD2.

Next steps to prepare for PSD2 

  1. Audit your website and make a list of your payment gateway providers.
  2. Consult with each payment gateway provider or your agency partner on the steps you need to take.
  3. Speak with your merchant bank to see if you need to take any additional measures.
  4. Work through the implementation process with your eCommerce agency.

Like all regulation, PSD2 brings new challenges, but with the right strategies in place, merchants can be compliant, help reduce fraud and offer secure payments.

To discuss PSD2 in more detail and get some peace of mind around what actions are required as a merchant, get in touch with our Professional Services team today.

Author

David Greenwood

Leave a Comment

Your email address will not be published. Marked fields are required.