What is PSD2?
PSD1 and PSD2 are Payment Services Directives put in place by the European Commission.
The European Commission’s main objective is to create an efficient market for payment services.
This fair and harmonized market should benefit both payment providers and consumers including the following:
- the same rules all over the EU
- clear information on payments
- fast payments
- consumer protection
- a wide choice of payment services
As a result, EU citizens would be able to have a seamless experience whether they pay in their own country or in another country of the EU i.e. easy, secure and with the same fee. (1)
PSD1 laid out a set of common rules in 2007
The scope of the First Payment Services Directive spanned across the whole European Economic Area, i.e. European Union, Iceland, Norway and Liechtenstein.
It covers all types of electronic and non-cash payments (credit, debit, card, mobile and online), and it details all what payment providers need to be transparent and protect its users.
It also acknowledge new types of payment providers other than traditional banks so as to increase competition and provide more choice.
PSD2 addressing new digital payment services (2018)
PSD2 made revisions to PDS1 to take into account new ways to pay and includes directives to:
- make it easier and safer to use internet payment services
- better protect consumers against fraud, abuse, and payment problems
- promote innovative mobile and internet payment services
- strengthen consumer rights
- strengthen the role of the European Banking Authority (EBA) to coordinate supervisory authorities and draft technical standards
It also regulates interchange fees so as to limit the fees for transactions based on consumer debit and credit cards and ban retailers from performing credit card surcharges to end users.
How does it affect my Magento checkout?
SCA: Strong Customer Authentification
The key impact of PSD2 on eCommerce is the enforcement of Strong Customer Authentication (SCA), in order to reduce fraud.
That means that when consumers want to pay, they need to identify themselves with 2 out of these 3 ways:
- Something they know (password, pin etc…)
- Something they have (phone, token…)
- Biometrics (finger prints, face recognition, voice etc…)
As such, your payment providers would have included that in their payment flow. Once consumers hit your checkout, chose their payment method and press : “order now”, your payment provider will add a verification step.
The deadline is pushed back to 2021!
The original plan is that from 14th September 2019, eCommerce businesses whose payment providers failing this strong authentication process will have their payment declined and will lose sales.
A month before the deadline, the European Banking Authority (EBA) saw the complexity involved in the second directive and is now offering further time for Payment Services Providers to be compliant. Read the EBA Opinion here.
As an example, the Financial Conduct Authority in the UK stated:
” The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA. “fca.org.uk
PSD2 and SCA have no impact on your Magento checkout powered by OneStepCheckout
OneStepCheckout is just a layer that changes how your checkout looks like. We are not a payment services provider so there is no impact on OneStepCheckout. The additional verification steps happens on the payment provider’s side.
With this directive originally set to be implemented on 14th September 2019, your payment provider has probably emailed you to make sure continuity of your business and asked you to upgrade to the latest version of their Magento plug-in.
Get more information from your payment provider
Here are documentation and guide from some of the most popular payment providers who we work closely with.
- Stripe guide to SCA
- Braintree Merchants Resource
- PayPal: Be Prepared for PSD2
- Adyen PSD2 SCA compliance and implementation guide
- Cybersource, Authorize.net, PSD2 and You
- SagePay: PSD2, SCA and 3D Secure explained