Payment Services Directive 2 - PSD2

What is PSD2?

PSD2 is a mandate for payment service providers to implement strong customer authentication (SCA) measures to make payments more secure for cardholders. In other words, PSD2 mandates strong customer authentication for online payments and online banking transactions which includes subscription models as well.

This means that before the banks authenticate a transaction, the end user is required to provide two out of three authentication factors:

• Something only the shopper knows.
• Something only the user possesses.
• Something the user is.

For example, before the bank authenticates and authorizes a payment, an end user is required to supply a one-time authentication code received on their phone (something the end-user has), and a password that only the end user knows (something the end-user knows).

This improvement is mainly to be focussed on Debit/Credit cards. This requirement applies when both the publisher and buyer (cardholder, subscriber) are within the European Economic Area (EEA), Monaco, or the UK.

The full list of PSD2 countries includes Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.

Why is it important to comply? 

When both the publisher and buyer (cardholder, subscriber) are within the European Economic Area (EEA), Monaco, or the UK, the 3D Secure setup is mandatory - otherwise, all credit card transactions will fail.