What is PSD2, and how it affects my business?
The Payment Services Directive 2 is an EU directive that aims to enhance the safety of payments services in Europe while also encouraging healthy competition, innovation and the adoption of new technologies by financial services firms.
How does PSD2 help us?
PSD2 brings greater transparency for businesses and customer around terms and conditions, as well as currency exchange rates. It enables you to see your financial data from multiple finance providers all in one place.
It helps to increase competition in the financial services industry and enables new, innovative businesses to enter the market.
The directive also enhances the safety of payments across the EU and offers an improves complaint handling process for consumers, particularly those who are out of pocket.
What is Strong Customer Authentication?
PSD2 introduces Strong Customer Authentication (SCA), which protects customers’ cards by ensuring there are two authentication points when a customer uses their card, across the following options:
- Knowledge: the customer inputs their PIN or password.
- Possession: they authenticate through an object that the customer has, such as a card reader or their mobile phone.
- Inherence: a form of biometrics is used to verify the customer by checking a unique feature of their being such as a facial scan, iris scan or a fingerprint.
Does Strong Customer Authentication cover all payments?
SCA adds additional time and effort to the payment process, so some exemptions are available including:
- Contactless payments that are made in your store in person with a single value less than €50 or a cumulative maximum value of €150, or five transactions.
- Online payments of less than €30, or five transactions, or a maximum cumulative value of €100.
- Certain low-risk payments.
- Recurring methods with the same merchant for the same amount.
- Whitelisted merchants that consumers have validated so that their future payments to these providers do not require additional security.
- Secured corporate payments that are made through a specific payment protocol.
PSD2 is creating a more open banking system
PSD2 is also opening up banking through its requirement for the biggest UK banks to share customer information with third party payment providers (TPPs). This initially sounds a little odd; why would customers want their most sensitive data to be shared?
In practice, this applies when a consumer uses an app that combines their finances into a single view, for example, a budgeting app. Previously a customer would need to log into the bank accounts with each provider separately to access this information. Open banking will also support lending processes as a potential customer can allow a prospective lender to have access to their income and spending details. This system also supports direct payments.
Banks must provide Application Programming Interfaces, known as APIs, that enable a customer’s data to be shared safely if the customer requests this. The customer retains control of where their data is and isn’t shared.
What’s the timeframe for PSD2?
PSD2 became law on 13 January 2018.
The European Economic Area has given a deadline of 31 December 2020 for enforcing SCA. However, the Financial Conduct Authority has stated that SCA will be delayed until 14 September 2021 in the UK. That is the date that card issuers will have to decline transactions that do not use a technology known as 3D Secure 2 in the payments process, unless the payment is exempt. 3D Secure 2 passes the liability from you as the merchant, to the issuing bank
How can I make sure that I am compliant?
The most important thing you can do to get your business ready is to ensure that your payment solutions provider offers card machines and other payment solutions that are fully compliant with PSD2 regulations.
Make sure that your payment solutions provider is backed by a reputable and established bank that has high-quality standards.
The biggest concern that merchants have about PSD2 is the potential for losing sales at the checkout stage due to increased friction in the payment process. Get ready for SCA by making sure that your online payment processes have all the necessary fields to verify payments in line with the new regulations. Give customers as many options as possible to authenticate themselves.
If you are still working predominately with cash in your business, now is the time to start exploring card machines and online payment gateways so that you do not miss out on sales. Find a provider such as UTP Group, who let you apply for a card machine online.
Conclusion: find the right partner for the next phase of PSD2
PSD2 has been around for some time now, and it brings with it a variety of benefits for customers and businesses, including more security, transparency, competition and innovation.
There is still time to get your business ready for Strong Customer Authentication before it becomes a legal requirement for banks to decline payments that are in scope, that do not meet the criteria.
Make sure that you partner with a payment solutions provider who can help you thrive in this new environment for payments.