The revamped Payment Service Directive (PSD2) is already in effect; however, Strong Customer Authentication (SCA) is part of the PSD2 regulations, and its deadline is looming.
What is PSD2?
The Payment Services Directive is an EU Directive administered by the European Commission. Its purpose is to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).
On October 8, 2015, the European Parliament accepted the European Commission proposal to create safe and more innovative European payments (PSD2, Directive (EU) 2015/2366). These new rules focus on facilitating safer cross-border European payment services and better protecting consumers when they make online purchases.
On November 16, 2015, the Council of the European Union passed PSD2. The regulation deadline would be imposed in two years, giving ample time to member states to incorporate the directive into their national laws.
On January 13, 2018, the original PSD was repealed and replaced by PSD2, and since March 14, 2019, financial institutions providing an API solution must have it readily available for external testing.
What is SCA?
Under PSD2, Strong Customer Authentication (SCA) is a new European requirement. Payment providers must use two separate authentication elements to verify an online transaction.
There are three common factors of authentication and PSD2 defines the SCA as having to include two or more of the following:
The desired outcome of PSD2 is to make SCA a requirement for all online transactions; however, there will be some exemptions. For instance, transactions under 30 EUR will be exempt, but if a card processes more than 100 EUR within 24hrs, SCA will be required.
Any transaction that does not meet the new requirements of PSD2 could get declined beginning September 14, 2019.
Presently, an authentication tool called 3D Secure 1.0 (Verified by Visa, Mastercard SecureCode) is used as a way to verify online transaction.
Here’s what that looks like:
A customer goes to pay for their booking online only to get redirected to a page asking for a pin number that isn’t their actual pin number, but one they’ve forgotten. At that point, they either choose to reset it, or cancel the booking.
As you can see, that’s a huge risk to your conversions. Thankfully, welcoming 3D Secure 2.0 means frictionless authentication.
What does this mean for you and Checkfront?
To be compliant with PSD2, all payment gateways must adhere to the directive by the dates described above. While Checkfront will upgrade to work with the new payment flows before September 2019 — when SCA is enforced — you should make sure that your payment gateway will be ready as well. Otherwise, you’ll risk missing out on bookings with credit card payment declines.
If you have any questions, please contact us at firstname.lastname@example.org.