What is PSD2?
PSD2 is a mandate for payment service providers to implement strong customer authentication (SCA) measures to make payments more secure for cardholders. In other words, PSD2 mandates strong customer authentication for online payments and online banking transactions which includes subscription models as well.
This means that before the banks authenticate a transaction, the end user is required to provide two out of three authentication factors:
- Something only the shopper knows.
- Something only the user possesses.
- Something the user is.
For example, before the bank authenticates and authorizes a payment, an end user is required to supply a one-time authentication code received on their phone (something the end-user has), and a password that only the end user knows (something the end-user knows).
This improvement is mainly to be focussed on Debit/Credit cards. This requirement applies when both the publisher and buyer (cardholder, subscriber) are within the European Economic Area (EEA), Monaco, or the UK.
The full list of PSD2 countries includes Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.
Why is it important to comply?
When both the publisher and buyer (cardholder, subscriber) are within the European Economic Area (EEA), Monaco, or the UK, the 3D Secure setup is mandatory - otherwise, all credit card transactions will fail.
To understand better, this change is mainly for 'Issuing banks'. Because of this requirement, all banks in the Europe Union have to upgrade the authentication method from 3D Secure 1.0 to 3D Secure 2.0. Due to that fact, every time a transaction has been triggered when using Merchant, it goes to the bank for verification. The 'issuing bank' then verifies if the transaction supports 3D Secure 2.0, if yes, then the transaction goes through, otherwise, banks simply refuse the transaction which will affect the conversion rate.
Are payments processed through Cleeng payment integrations PSD2 compliant?