PSD2 and 3DS2

The deadline for meeting PSD2 regulations is fast approaching, but there are still more questions than answers. Here’s what you should know about upcoming changes to be better prepared.

New requirements based on PSD2 will be introduced on 14 September 2019. Overall the directive comes with putting all existing players under one unified regulatory framework and banks need to provide access to their customers’ accounts via open APIs.

So, why is this important for your online business?

Most common PSD2 challenges

Before digging into the challenges, let’s start with the objectives of PSD2. There’s no question that the directive was created for standardizing regulations for banks and payment providers, but it’s also about making payments safer (which leads to increased customer protection), fostering innovation and competition.

Speaking of competition, the directive is also the answer to the current monopoly that banks have on payment services and customer accounts.

According to Tink’s report, modernizing IT systems is one of the major banking challenges when it comes to PSD2 — for 36% of banks. But, one of the major concerns is that online businesses may end up with complexity, as every bank can offer different implementation. It’s also about the interface implemented by banks and financial institutions, as there’s a doubt about whether they will be sufficiently prepared at the beginning when PSD2 becomes mandatory.

The first months will verify the new challenges, but the chaos is inevitable.

SCA and 3D Secure 2.0 as a method of payment authentication

Another concern is that strong customer authentication (SCA) could have a negative impact on customer experience, because it will add a step to the payment process and make a cardholder to provide additional information to complete a payment.

For the record, SCA is a PSD2 requirement of payment service providers for making online payments more secure and preventing financial fraud. So, payments need to go through multifactor authentication. The question is whether the SCA will damage customer experience.

Today, the most common authentication method is 3D Secure and, based on the recommendation, the main method for authenticating online card payments will be 3D Secure 2.0 version which is expected to improve user experience. This is why we advise merchants who work with SecurionPay to enable our non-invasive 3D Secure verification right away to add a security layer, minimize the chargeback ratio without hindering conversion, and get ready for the 3DS2 version.

Note that there can be exemptions from SCA defined for different use cases, for instance, based on the amount, transaction type, level of risk, etc. This is crucial, as one of the most challenging things will be providing smooth experience depending on the transaction type. Still, it is the cardholder bank’s decision whether to accept an exemption.

For now, we can see that it can get more complex in recurring payments. Imagine how frustrating it would be for their customers to authenticate each monthly payment. So, the goal is to retain recurring payments automated, but it’s up to the bank whether the transaction needs to be authenticated.

If the authentication is not built into the checkout flow, merchants may face severe consequences. This is why we advise you to choose a payment partner that is ready for upcoming regulations to stay away from the implementation burden and focus on your core business. One that has proper knowledge and provides you with all the required tools so that you can effectively address SCA and turn the new regulations into an opportunity for both you and your clients.

Are you ready for PSD2?

There’s no question that PSD2 will open the market to new players, so payments in Europe will be more competitive. More choices mean better services that might lead to faster and cheaper payments and financial services for the end customer.

Keep in mind that if you, as a merchant, don’t stay compliant with the PSD2 requirements by September 14, you will face a significant risk of payment declines and a big drop in conversions. Plus the frictions that your clients may face during payments. Think about how it will impact your bottom line.

Also remember that new regulations are not only for banks and business, but also for customers. They also need time to learn new habits and, even more importantly, trust new services.