PSD2 and 3-D Secure 2.0
May 1, 2020 Update: The Financial Conduct Authority announced that due to the exceptional circumstances of the Covid crisis, they are giving the industry an additional 6 months to implement SCA for e-commerce. The new timeline of September 14, 2021 replaces the previous March 2021 date.
August 18, 2019 Update: The Financial Conduct Authority, the financial regulatory body in the United Kingdom, has agreed to an 18-month extension to implement SCA (Strong Customer Authentication) so as to limit the potential impact on consumers. An extension means UK issuing banks, payment processors and online retailers will not face enforcement action if they do not implement 3-D Secure 2.0 until March 2021. WePay is currently reviewing the extension and will be in touch with Partners with further details.
On September 14, 2019 all companies within the European Union will need to comply with the Payment Services Directive 2 (PSD2), which requires “Strong Customer Authentication” (SCA) for electronic payments. Strong Customer Authentication is a form of 2-factor authentication which will increase customer protection, driving change and innovation for online transactions. Payers will have to authenticate their identity with their card issuer using at least two of the three elements:
- something they know (a password or PIN code);
- something they own (a card, a mobile phone); and
- something they are (biometrics, e.g. fingerprint or iris scan).
What is the solution?
The SCA solution for credit card transactions is 3-D Secure 2.0, the next generation of 3-D Secure. Version 2.0 offers a better user experience compared to its predecessor by not always requiring a “challenge” for the payer to verify their identity for each transaction. With partners that provide additional transaction data, issuing banks can choose to offer their payers a “frictionless flow” which doesn’t require identity verification, and speeds up the check-out process.
Who does this impact?
This mandate applies to all credit card transactions in the European Union. Any platform which onboards merchants in the EU and accepts payments from consumers will need to comply with the mandate. Platforms which do not deal with merchants in the EU are exempt from these changes. Partners will have to update their integrations to support the additional data fields needed for 3-D Secure 2.0.
There will be work required from ISVs to comply with this mandate. WePay partners should be on the lookout in the coming weeks for communications on how to complete that work.
If you have any additional questions, please contact email@example.com or your WePay representative for more information, including necessary documentation and timelines.