Payment Service Directive 2

This week, Payment Service Directive 2 (PSD2) have enforced a new rule where all online retailers must abide by the new Strong Customer Authentication (SCA) mandate. This comes into effect as of March 14th 2022, in order to combat the risk of fraud and increase online security. The updated directive is true for online and brick & mortar shopping across all devices: desktop, mobile, tablet and face-to-face transactions.

How does SCA compliance work?

All customers will have to confirm their identity in order to purchase online. Non-compliant transactions will result in the consumers card declining. SCA means incorporating 2FA by asking customers to verify their payment by either adding a code sent via email or SMS or by verifying in your online app.  Each transaction will require two forms of security from of the following: 

Knowledge – e.g. PIN number or passcode

Possession – e.g. Approve a transaction via a phone app 

Inherence – e.g. Fingerprint

Revolut and Natwest apps have been doing this for some time by notifying you to ‘Approve a transaction’. This method includes both possession and inherence/knowledge:

  • User must login to their online banking app using their fingerprint/PIN
  • User approves transaction on their phone

Unless this is done, the user’s transaction will not go through. 

You may be worried about what this might look like for abandoned carts but SCA compliance is exempt for the following scenarios:

  • Recurring transactions and regular payments of the same amount to the same business, such as subscriptions
  • Low-value transactions under £30
  • Low-risk transactions that have been assessed in real-time by a fraud prevention solution
  • Transactions with trusted beneficiaries, where consumers can tell their bank to approve merchants they trust

I am a merchant, how do I ensure 2FA is setup correctly?

Your payment provider should have automatically updated the security for you but if you are unsure please contact them and ask to switch on the 2FA settings. 

For anyone using Stripe or Sage Pay merchants, you can simply login to your merchant account and turn on ‘3D Secure’ and the updated process should be in place and ready to go. Please note: you may need to ask your development team to upgrade to the latest version. 

If you need any further assistance please do not hesitate to contact our team and we’ll be more than happy to help you out.