What is PSD2?
The Second Payment Services Directive (PSD2) is an EU regulation that aims to improve the security of customer-initiated card payments by introducing Strong Customer Authentication.
What is Strong Customer Authentication (SCA)?
SCA requires that a customer is authenticated through at least two independent factors when making a card payment:
- Something the customer knows e.g a PIN or password
- Something the customer has e.g a mobile phone or card reader.
- Something the customer is e.g facial recognition or a fingerprint.
What types of transactions will be affected?
The regulation applies to most card transactions, with a number of key exceptions:
- Online card payments below €30. Additional security will be required if the customer makes more than five consecutive low value payments or if the cumulative value exceeds €100.
- Contactless face-to-face transactions below €50. The cumulative limit of consecutive transactions is €150 and the number of consecutive transactions is limited to five.
- Mail and telephone orders (MOTO) via a virtual payments gateway
- Recurring payments such as subscriptions made to the same business for the same amount. Strong Customer Authentication will be required for initial set up.
What does this mean for my customers?
This means that customers will be prompted to provide additional information when making certain card payments.
The two key payment types affected are face-to-face contactless transactions and online payments exceeding the values shown.
For customers making online payments, they'll go through two-factor authentication via their bank. When this happens, they’ll be asked to enter a password or a one-time secure code.
How does this affect my business?
This means that all businesses accepting face-to-face or online card payments will need to comply with SCA by 14th March 2022.
How do I comply with the new security standards?
The good news is that businesses accepting face-to-face payments through Paymentsense are already compliant.
If you take online payments, you'll need to have 3D Secure 2 (3DS2) software enabled in your ecommerce account by 14 March 2022. We'll be in touch over the coming months to let you know if there are any steps you need to take to do this.