PSD2: Ensuring Online Security for Your Customers

What Is It All About?

PSD2 is the Payment Services Directive 2, a new EU regulation for electronic and non-cash payments. This new version of the directive introduces the requirement for Strong Customer Authentication (SCA) to make online payments more secure and reduce fraud.

What Is This New Requirement?

Strong Customer Authentication (SCA) requires at least two of the following three methods to confirm a customer’s identity when buying online:

Starting September 14 this year, banks will decline payments that require SCA and have not met this criteria.

Watch Our Webinar Now

When Does SCA Apply?

SCA is required when both the acquirer and issuer are located within the EEA (all EU member countries plus Norway, Iceland and Liechtenstein) and it will apply to “customer-initiated” online payments.

There are, however, some exemptions to this mandate. Here are the most relevant:

• Merchant-Initiated Transactions (MIT): A merchant-initiated transaction is a payment that is taken on an agreed upon date with the payer’s consent, and is initiated by the merchant collecting the payment. If a transaction is merchant initiated, both fixed and variable payments will be exempt from SCA.

• Inter-regional transactions (One-leg-out transactions): A transaction where either the Issuer or Acquirer is located outside of Europe.

• Anonymous Cards: A transaction processed by using an anonymous card can only be identified by the issuing bank, not by the customer.

• Low Value Transaction: Transactions under 30 € will be exempt from SCA. If the total amount attempted on the card without strong authentication is higher than 100 €, or after five consecutive transactions without SCA, it will be required.

• Transaction Risk Analysis (TRA): The ability for a payment to be considered low risk is based on the average fraud levels of the card issuer and acquirer processing the transaction:

• 0.13% to exempt transactions below 100 €
• 0.06% to exempt transactions below 250 €
• 0.01% to exempt transactions below 500 €

• Subscription or Recurring Transactions: Subscription or recurring transactions with a fixed amount will be exempt from the second transaction onwards. Only the initial transaction will require SCA.

• Trusted Beneficiaries: Customers can assign businesses to a whitelist of Trusted Beneficiaries. Whitelisted merchants will be exempt from SCA.

• Secure corporate payments: When the transaction is initiated by a legal person e.g. a business rather than a consumer, and it is processed through a secured dedicated payment protocol.

However, it is important to remember that it’s ultimately the cardholder’s bank that will decide whether to accept an exemption. Banks will return payments that failed due to missing authentication.

How to Authenticate a Payment?

Presently, an authentication tool called 3D Secure 1.0 is used to provide an additional layer of security for online credit card and debit card transactions. After completing the checkout process, the customer gets sent to an often clunky page from their bank to confirm who they are. This often negatively impacts the checkout conversion.

3D Secure 2.0 – the new version of the authentication tool – simplifies the customer experience and will help minimize some of the friction that authentication adds into the checkout process. Instead of entering a password, the cardholder can authenticate a payment through the banking app by just using their fingerprint.

How Will cleverbridge Manage SCA?

Navigating the changing payments landscape and mandates like PSD2 SCA can be complex. You can rely on us to stay compliant with these regulations. Our experts are taking the necessary steps and preparing for the September 14 date.

1. We are actively working with our clients to identify transactions that either fall outside the scope or are exempt from SCA so we can help lessen the impact to their business.

2. We have well-established relationships with acquirers around the world. Our clients get full advantage of this expertise to ensure maximum authorizations and conversions.

3. We will create a frictionless payment experience for customers by implementing 3D Secure 2.X to seamlessly authenticate payments.

4. We will continue to track any changes in requirements for SCA exemptions to ensure that customers can still enjoy easy shopping experiences by applying these exemptions in the best way.