What’s PSD2 and how does that affect my business?

Since September 2019, all countries in the European Union and the European Economic Area need to follow specific rules to receive electronic and online payments. The set of rules is called the Payment Services Directive 2 (or PSD2) and takes into account new providers of innovative payment services that have appeared since the first PSD, which came into effect back in 2009. 

PSD2 aims to enhance competition within the digital payments market, promote innovative payment services and make it easier and safer to pay online, protecting consumers. 

All good in the hood, but what should you and your eCommerce team do to make sure that you are PSD2 compliant? Below are some of the most common questions.

  • How does this new PSD2 regulation affect my business in Ireland? 

If you sell goods of any kind, have an eCommerce site or receive electronic payments, PSD2 affects your business entirely. The directive established standard rules about specific types of electronic payments, such as credit transfers, direct debits, card payments and mobile and online payments. To keep receiving those kinds of payments, you will need to ensure that your business is compliant with the RTS (Regulatory Technical Standards) on SCA (Strong Customer Authentication) and make sure you have the 3-D Secure protocol in place.

  • What is SCA (Strong Customer Authentication)? 

SCA is an authentication through at least two out of the following three factors: 

  1. Knowledge: something only the user knows (e.g., passcode or PIN);
  2. Possession: something only the user possesses (e.g., mobile phone or token);
  3. Inherence: something the user is (e.g., fingerprint, facial, iris or eye vein).

SCA is required when the payer initiates an electronic payment transaction, and it increases consumer confidence in electronic payments. From December 31st, all transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks. There are two ways to integrate payment gateways and make sure you are compliant:

  • Using an HPP (Hosted Payment Page) to receive payments: a hosted payment page is a third-party web page where the transaction can be completed securely. This external page enables customers to submit their payment information to complete the online checkout process. Examples of sites that offer HPPs are Stripe, PayPal, etc.
  • Using an in-website payment page: an in-website payment page doesn’t require your client to navigate to another website to complete their transaction. The payment info is entered directly on your website and processed on your backend via the chosen payment gateway (such as Stripe). Our developers can help you review and upgrade your current solution to make sure it’s SCA compliant.

If you’re not sure which applies to you, contact us. Our team is ready to help you find a solution that protects you and your customers from fraud while offering the best payment experience.

  • What is 3-D secure? 

3-D Secure, or 3DS, is a messaging protocol that promotes frictionless consumer authentication. It allows customers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The protocol also takes into account new payment channels and supports the delivery of industry-leading security, performance and user experience.

  • Is there any way for me to get more information about #psd2ready? 

The eCAI (eCommerce Association of Ireland) launched a website, psd2ready.ie, with all the information you need to know about the directive. You can also make sure that your business is 100% #psd2ready by getting in touch with our team, who can advise you on what to do and guide you through the process.
