New requirements for authenticating online payments in Europe will be introduced on 14th September 2019 as part of the second Payment Services Directive (PSD2).
What is PSD2?
The second Payment Services Directive (PSD2) is an EU regulation that affects banking and ecommerce. It aims to create clarity and greater customer trust. It will allow customers to authorise third-party providers to manage their funds, analyse expenditure, make Peer-to-Peer (P2P) transfers and much more through their existing bank account.
Who does PSD2 apply to?
PSD2 applies to organisations that have an acquirer or Payment Services Provider processing their payments within the EU or EEA.
So, what is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is a new European regulatory requirement aiming to increase fraud prevention and heighten security for online payments. An additional authentication step will need to be built into your checkout flow once SCA is implemented.
Two of the following three types of authentication are required for SCA.
1) Something the customer knows (e.g. password or PIN)
2) Something the customer has (e.g. phone or hardware token)
3) Something the customer is (e.g. fingerprint or face recognition)
Once the rule is established, banks will decline payments that need SCA if they do not meet the standards above.
Now that we understand what SCA is, when is it required?
SCA will apply to any “customer-initiated” online payments in Europe. Therefore, most card transactions and all bank transfers will need SCA. Recurring direct debits are considered “merchant-initiated” and will not require SCA.
How will this affect you?
This regulation will affect you in the following ways:
1) You will have to update your checkout process
2) You may have to update your gateway integration
3) You will have to inform your customers about the change in user experience
What are the exemptions to SCA?
Certain types of low-risk payment may be exempt from SCA requirements. Fidelity will help businesses to build authentication into their checkout flow by introducing an extra step that will reduce friction and client drop-off.
| SCA EXEMPTIONS | CRITERIA | AN ISSUING PERSPECTIVE |
|---|---|---|
| Contactless | Amount of transaction does not exceed €50 AND cumulative value of all subsequent transactions does not exceed €150 OR 5 consecutive transactions | |
| Unattended Terminals | Payment is for the purpose of paying a transport fare or a parking fee | |
| Trusted Beneficiary | Cardholder has designated merchant as a Trusted Beneficiary | |
| (same amount, same payee) | SCA is provided at the first transaction in the series, all subsequent transactions can be exempted | |
| Low Value Transactions | Amount of transaction does not exceed €30 AND cumulative value of subsequent transactions since SCA does not exceed €100 OR 5 | |
| Secure Corporate Payments | No amount threshold applies, limited circumstance e.g. virtual cards, lodge cards. | |
| Transaction Risk Analysis (TRA) | Subject to Issuer/Acquirer Fraud Reference Rate (FFR): | |
How will Fidelity help you prepare for SCA?
In order to help you prepare for SCA, we are working with all of our PSPs (Payment Gateways) to ensure that they have updated their integrations in line with the requirements. We will also be contacting all of our affected merchants to ensure that everyone’s transactions will continue to be approved after September 14th, when the regulation comes into effect.
If you have any questions regarding PSD2 SCA, please feel free to get in touch:
T 0345 481 2178