PSD2 and SCA Compliance
FastSpring includes compliance for Payment Services Directive (PSD2) and Strong Customer Authentication (SCA) regulations.
Starting Jan 1, 2021, all ecommerce transactions in the European Economic Area (EEA) became eligible for Strong Customer Authentication (SCA). Transactions are only affected if a consumer's issuing bank requires them to go through the SCA flow. If this is the case, they may be required to enter a 2-factor authentication to complete their purchase.
FastSpring supports these changes on your behalf and delivers a seamless experience for your customers. FastSpring Sellers do not need to take any additional action to be compliant regarding PSD2, including SCA.
What is PSD2?
The European Union's second Payment Services Directive (PSD2) is an EU-wide initiative to provide increased security for online shopping through a process called Strong Customer Authentication (SCA). It is designed to reduce fraud and make online payments more secure. Now that PSD2 has gone into effect, shoppers with European Union credit cards may be asked to confirm their identity before checking out with FastSpring.
FastSpring ensures that only shoppers attempting an eligible transaction experience SCA, and only when required. For transactions that are not eligible for PSD2, nothing changes in the customer experience.
Visit the European Commission for more information on PSD2 considerations.
FastSpring Compliance for the Strong Customer Authentication Requirement
As a Merchant of Record, FastSpring actively works with our network of payment issuers, acquirers, and processors to ensure we have achieved the optimal implementation of the required changes. We developed a solution that limits disruption to the customer experience, maximizes conversion rates and transaction success rates, meets the requirements, and shares the benefits of the directive.
Why is this important?
Payment providers and banks are legally required to enforce PSD2. Online businesses who do not fulfill the SCA requirements will start seeing their decline rates increase and conversion rates decrease as banks reject non-authenticated payments. Under the new requirements, SCA is required on all payer-initiated transactions when both the card issuer and acquirer are within the EEA.