New requirements for authenticating online payments in Europe will be introduced on 14th September 2019 as part of the second Payment Services Directive (PSD2).

What is PSD2?

The second Payment Services Directive (PSD2) is an EU regulation that affects banking and ecommerce. It aims to create greater clarity and more customer trust. It will permit customers to authorise third-party providers to manage their funds, analyse expenditure, make Peer-to-Peer (P2P) transfers and much more, through their existing bank account.

Who does PSD2 apply to?

PSD2 applies to organisations that have an acquirer or Payment Services Provider processing their payments within the EU or EEA.

So, what is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is a new European regulatory requirement aiming to increase fraud prevention and heighten security for online payments. An additional authentication step will need to be built into your checkout flow once SCA is implemented.

Two of the following three types of authentication are required for SCA.

1) Something the customer knows (e.g. password or PIN)
2) Something the customer has (e.g. phone or hardware token)
3) Something the customer is (e.g. fingerprint or face recognition)

Once the rule is established, banks will decline payments that need SCA if they do not match the standards above.

Now that we understand what SCA is, when is it required?

SCA will be applicable to any “customer-initiated” online payments in Europe. Therefore, most card transactions and all bank transfers will need SCA. Recurring direct debits are considered “merchant-initiated”, so they will not require SCA.

How will this affect you?

This regulation will affect you in the following ways:

1) You will have to update your checkout process
2) You may have to update your gateway integration
3) You will have to inform your customers about the change in user experience

What are the exemptions to SCA?

Certain types of low-risk payments may be exempt from SCA requirements. Fidelity will help businesses to build authentication into their checkout flow by introducing an extra step that will reduce friction and client drop-off.

SCA exemptions: criteria and an issuing perspective

Contactless
Criteria: Amount of transaction does not exceed €50 AND cumulative value of all subsequent transactions does not exceed €150 OR 5 consecutive transactions
An issuing perspective:
  • Counter at Issuing host
  • Will likely opt for Value counter @ €150
  • Terminals need to read soft decline and request PIN or full decline & require Chip & PIN transaction

Unattended Terminals
Criteria: Payment is for the purpose of paying a transport fare or a parking fee
An issuing perspective:
  • Must be correctly/easily identifiable as UAT — Transport/Parking

Trusted Beneficiary
Criteria: Cardholder has designated merchant as a Trusted Beneficiary
An issuing perspective:
  • Plan to leverage Visa Trusted Seller solution – 3D Secure 2.2 is a pre-requisite

Recurring Transactions (same amount, same payee)
Criteria: SCA is provided at the first transaction in the series, all subsequent transactions can be exempted
An issuing perspective:
  • Must be correctly tagged as RT — if data not reliable will decline
  • Must be able to trace back to initial SCA (Transaction ID)

Low Value Transactions
Criteria: Amount of transaction does not exceed €30 AND cumulative value of subsequent transactions since SCA does not exceed €100 OR 5
An issuing perspective:
  • Counter at Issuing host
  • Will likely opt for value counter
  • Contactless/UAT/RT could unnecessarily utilise this counter if not flagged correctly

Secure Corporate Payments
Criteria: No amount threshold applies, limited circumstance e.g. virtual cards, lodge cards.
An issuing perspective:
  • Not an exemption we can use as does not apply to T&E cards

Transaction Risk Analysis (TRA)
Criteria: Subject to Issuer/Acquirer Fraud Reference Rate (FRR):
  • Under €100 = 13bps; €101-€250 = 6bps; €251-€500 = 1bps; €500+ = SCA
An issuing perspective:
  • Intend to use Issuer TRA where possible subject to FRR — 3D Secure is a pre-requisite
  • If Acquirer TRA flag provided will likely accept subject to FRR calculation

How will Fidelity help you prepare for SCA?

In order to help you prepare for SCA, we are working with all of our PSPs (Payment Gateways) to ensure that they have updated their integrations in line with the requirements. We will also be contacting all of our affected merchants to ensure that everyone’s transactions will continue to be approved after September 14th, when the regulation comes into effect.

If you have any questions regarding PSD2 SCA, please feel free to get in touch:
T 0345 481 2178
E support@fidelitypayment.co.uk
W fidelitypayment.co.uk

© Fidelity Payment 2018. Registered in England and Wales 08004359
Fidelity Payment Processing Ltd is licensed by MasterCard and Visa as an Independent Sales Organisation of AIB Merchant Services
