What You Need to Know About the PSD2 and Strong Customer Authentication

Caitie Gonzalez
By Caitie Gonzalez

Estimated read time: 3 minutes, 15 seconds

On September 14th, 2019 all payment providers who process payments for consumers in the European Union must adhere to new requirements for authenticating online payments as part of the second Payment Services Directive (PSD2).

Already a FastSpring seller? Skip to the bottom of this piece to find out what you need to do about this regulation.

You may recall the initial Payment Services Directive (PSD) established by the European Commission that was initially adopted in 2007, then updated in 2009 and again in 2012. The PSD was established as a legal framework that all payment service providers must adhere to in order to sell goods and services in the European Union. The PSD is intended to increase pan-European competition and participation while increasing consumers’ rights and holding payment providers accountable.

In 2015, the EU commission expanded on the existing regulation and introduced the second Payment Services Directive. The new rules introduced in the PSD2 are designed to add additional protection for consumers making online payments. The biggest change for the ecommerce industry is the Strong Customer Authentication requirement for online transactions. The new regulation will become mandated on September 14th, 2019.

What is the Strong Customer Authentication requirement?

Strong Customer Authentication (SCA) is intended to increase the security of online payments and reduce fraud. In order to comply, ecommerce merchants must implement two-factor authentication for all eligible transactions.

What does this mean for me and my customers?

Beginning in September, all ecommerce transactions where either the issued card or acquirer is in the EU are required to incorporate a two-factor authentication in the checkout process. Merchants and other players in the payments space are required to have 3D Secure 2.0 implemented by the September 14th, 2019 deadline in order to effectively meet the SCA requirements. However, any transactions or subscriptions initiated prior to the deadline will be grandfathered in.

What is two-factor authentication?

Two-factor authentication uses two or more elements to verify the information needed for secure online purchases. There are three categories for authentication:

  • Knowledge. Something the user knows.
  • Possession. Something the user owns like a physical credit card.
  • Inherence. Something the user is like fingerprints or facial recognition.

The most common tool to implement the SCA is with 3-D Secure (3DS). A new version of the 3DS has been released that will offer the ability to authenticate transactions using a biometric method that many mobile phones already offer like fingerprints and facial recognition. The 3DS2 update also includes an option for “frictionless flow” where payments are authorized without additional security measures. The 3DS2 will become mandated on September 14, 2019, as part of the SCA and PSD2.

How is FastSpring preparing for the Strong Customer Authentication requirement?

As a Merchant of Record, FastSpring is actively working with our network of payment issuers, acquirers, and processors to ensure we implement the required changes in the most optimal way. We are developing a solution that limits the disruption to the customer experience, conversion rates, and transaction success rates while meeting the requirements and sharing the benefits of the directive.

What do I need to do as a FastSpring customer?

Part of the beauty of FastSpring is that we take on all the Merchant complexity related to global ecommerce. As such, FastSpring sellers are not required to take any additional action in regards to the SCA or PSD2. We will communicate specific changes to the checkout flow in the coming weeks and months as we prepare for the September 14, 2019 deadline.

What if I am not a FastSpring customer?

If you’re not a FastSpring customer you are on the hook for adhering to the new regulations. You will need to research and understand the specific requirements for your business and payment regulations. Otherwise, you will not be approved to sell in the European Union.

To learn how partnering with full-service ecommerce provider like FastSpring keeps you compliant with this and all other major ecommerce-related regulation, request a demo with an ecommerce specialist.

Caitie Gonzalez

Caitie’s background in social media and content marketing combined with her creative nature led her to a career in content creation. Caitie has experience in creating content for social media, blogs, websites, and video. When Caitie isn’t busy creating educational and entertaining content, you can find her walking her dog, watching movies, and playing video games.
ecommerce growth package 2019fastspring webinar CRO