PSD2 and Strong Customer Authentication
Overview
The PSD (Payment Services Directive) is an EU Directive, administered by the European Commission, that regulates payment services and payment service providers. It provides the legal framework within which all payment service providers must operate.
The Revised Payment Services Directive (PSD2) is in effect throughout Europe from September 14, 2019. It applies to all online transactions where both the issuing and acquiring banks are located in the European Economic Area (EEA): Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.
Strong Customer Authentication (SCA)
The main requirement of PSD2 that is relevant to businesses is what's called Strong Customer Authentication (SCA). SCA is a new European regulatory requirement to reduce fraud and make online payments more secure. To accept payments once SCA goes into effect on September 14, you will need to build additional authentication into your checkout flow. Essentially, you will have to present customers with a 3DS (3D Secure) flow when they purchase online, so that they can "authenticate" that they are who they say they are, and that they are the valid holder of the credit card being used. Starting September 14, 2019, banks will decline payments that require SCA but have not gone through authentication.
Solution
When you subscribe to our products, you may encounter this Customer Authentication. In all our products the customer will be presented with a screen (see example below) and needs to complete what is asked, usually entering a password or generating a token.
What the user needs to enter depends on the bank, as this screen is hosted by the bank. Sometimes it is just a password, but it can also be a bank popup that requires their token generator device.