PSD2 Explained: What You Should Know About Robust Customer Authentication
The Payment Services Directive 2 (PSD2) aims to better align regulation with the current state of technology and the market. It introduces essential security requirements for the inception and protection of consumers' financial data and the processing of electronic payments. It also identifies and directs Third-Party Providers (TPP) to initiate payment services and aggregate or access accounts. It will shake up the payments market, especially in online businesses, by improving transparency, innovation, and competition in payment services. Therefore, you must know your PSD2 compliance requirements if you are running an eCommerce business.
In short, PSD2 aims to give consumers access to their online payment and banking data and to bring advancement by having payment authorities share customers' data with third parties in a protected manner.
PSD compliance: A brief
At MONEY 202 in June 2019, many keynote speakers pointed out that some financial service providers and banks were engaged in managing data for their customers while contending with their risk scenarios and compliance.
According to Finextra, 41% of the 442 European banks involved in a survey did not meet the March 2019 deadline. They could not provide a robust testing environment to their TPPs.
Initially, PSD was able to address only some of the significant concerns for regulating payments; it did not address payments to or from nations outside the EU, nor did it address the rising role of TPPs.
PSD2 came as an enhancement to the previously existing directive by including HLR lookup services, reducing the obligation for wrongful transactions, assuring unconditional repayment rights for direct debits, and eliminating additional charges for using a consumer debit or credit card.
The European Banking Authority (EBA) Opinion made clear that it has accepted that vast numbers of online merchants and eCommerce businesses were not ready for this change. The new timeline (so-called deadline) to implement Strong Customer Authentication (SCA) has been reduced by 15 months.
According to the EBA, this is sufficient time to develop the essential advancements. Indeed, COVID-19 has also added one more layer of complexity and hindrance.
PSD2 compliance: Are you ready?
Directive (EU) 2015/2366, commonly known as the Payment Services Directive 2 (PSD2), is the advancement of PSD, a 2007 EU Directive created to administer payment services within the European Union (EU).
Adopted in December 2007, the Payment Services Directive (PSD1) came into existence to set regulations on financial service providers with regard to several payment services, in order to improve transactions and competition across the European Economic Area (EEA) and the European Union (EU).
The directive was subsequently updated in 2015 as PSD2, expanding upon the initial directive to accommodate newer transaction systems while broadening its scope. Incorporated in PSD2 is the requirement that financial service providers build strong customer authentication for payments, which affects online payments.
For PSD2 compliance, SCA requirements became effective as of September 14, 2019.
SCA requires authentication containing the three elements listed below:
- Knowledge
- Possession
- Inherence
What happens if payment service providers miss the PSD2 SCA deadline?
The individual EU member states will choose penalties for EEU banks and payment service providers. As for what non-compliance would mean for customers and businesses: if PSD2 SCA requirements are not met during eCommerce or online payments, the cardholder's bank can abort the transaction, negatively impacting all parties.
There has been a PSD2 SCA setback in execution since the compliance and regulation were first declared. In today's PSD2 timeline, numerous European nations have set December 31, 2020, as a common timeline.
It is suggested that payment organizations promptly address PSD2 SCA compliance requirements to be prepared for future changes. It is possible that, as new requirements and regulations are added, they will build upon 3D Secure designs.
Financial institutions and payment service providers are known for taking longer to adopt modern technologies. With RTS and PSD2 coming into fruition, security solutions are an immediate way to accomplish client-side compliance.
Many consumers who make online transactions via their phone may already be familiar with the inherence type of 2FA, for example, when a user uses their fingerprint along with a PIN or password to process an online payment.
Several payments will also need 3D Secure authentication. This requires customers to authenticate with their card provider before making a transaction. 3D Secure is used to decrease unauthorized payments and is already used by several extensive networks such as American Express, Mastercard, and Visa.
Why apply PSD2 SCA?
PSD2 is a decisive step towards assuring an appropriately managed Open Banking framework. By putting consumers' safety first and enabling new market participants, the EU defines some ambitious objectives.
The aim of applying PSD2 SCA is to enhance security for online payments while securing customers' sensitive and protected data. The new PSD2 needs to enable payments under €500 to be secured by risk analysis. By extending 2FA requirements to all online transactions as PSD2 compliance requirements, the information required to process such a payment is harder to access and use fraudulently.