What is PSD2?
The Second Payment Services Directive (PSD2) is an EU regulation that aims to improve the security of customer-initiated card payments by introducing Strong Customer Authentication.
What is Strong Customer Authentication (SCA)?
SCA requires that a customer is authenticated through at least two independent factors when making a card payment:
- Something the customer knows e.g a PIN or password
- Something the customer has e.g a mobile phone or card reader.
- Something the customer is e.g facial recognition or a fingerprint.
What types of transactions will be affected?
The regulation applies to most card transactions, with a number of key exceptions:
- Online card payments below €30. Additional security will be required if the customer makes more than five consecutive low value payments or if the cumulative value exceeds €100.
- Contactless face-to-face transactions below €50. The cumulative limit of consecutive transactions is €150 and the number of consecutive transactions is limited to five.
- Mail and telephone orders (MOTO) via a virtual payments gateway
- Recurring payments such as subscriptions made to the same business for the same amount. Strong Customer Authentication will be required for initial set up.
What does this mean for my customers?
This means that customers will be prompted to provide additional information when making certain card payments. The two key payment types affected are face-to-face contactless transactions and online payments exceeding the values shown.
How does this affect my business?
This means that all businesses accepting face-to-face or online card payments will need to comply with SCA by March 2021. The regulation was originally due to come into force on 14th September 2019, however the implementation of SCA has been delayed by 18 months to give the industry time to comply with new security measures.
How do I comply with the new security standards?
The good news is that many businesses will already be compliant as part of their Paymentsense services. If there’s anything you need to do, we’ll be in touch over the coming months with more information. For most businesses that use Paymentsense, there will be no action required.