PSD2 and 3-D Secure 2.0
On September 14, 2019 all companies within the European Union will need to comply with the Payment Services Directive 2 (PSD2), which requires “Strong Customer Authentication” (SCA) for electronic payments. Strong Customer Authentication is a form of 2-factor authentication which will increase customer protection, driving change and innovation for online transactions. Payers will have to authenticate their identity with their card issuer using at least two of the three elements:
- something they know (a password or PIN code);
- something they own (a card, a mobile phone); and
- something they are (biometrics, e.g. fingerprint or iris scan).
What is the solution?
The SCA solution for credit card transactions is 3-D Secure 2.0, the next generation of 3-D Secure. Version 2.0 offers a better user experience compared to its predecessor by not always requiring a “challenge” for the payer to verify their identity for each transaction. With partners that provide additional transaction data, issuing banks can choose to offer their payers a “frictionless flow” which doesn’t require identity verification, and speeds up the check-out process.
Who does this impact?
This mandate applies to all credit card transactions in the European Union. Any platform which onboards merchants in the EU and accepts payments from consumers will need to comply with the mandate. Platforms which do not deal with merchants in the EU are exempt from these changes. Partners will have to update their integrations to support the additional data fields to support 3-D Secure 2.0.
There will be work required from ISV’s to comply with this mandate. WePay partners should be on the lookout in the coming weeks for communications on how to complete that work.
If you have any additional questions, please contact firstname.lastname@example.org or your WePay representative for more information, including necessary documentation and timelines.