Strong customer authentication in the framework of PSD2
On 1 January 2021, “Strong Customer Authentication” (SCA) will become mandatory in e-commerce throughout Europe. The regulatory requirements are defined in the EU Payment Services Directive “PSD2” of the European Banking Authority (EBA).
From this day onwards, online purchases by credit card must be confirmed by two factors in accordance with the directive. The SCA requirement first became applicable in September 2019. However, mandatory use was suspended until now, as many merchants, as well as payment and infrastructure service providers, first had to create the technical prerequisites for compliance. This transitional period for SCA will now definitively end on 31 December 2020.
To meet the new EU standards under PSD2, the EMVCo industry association has developed the extended security protocol 3D-Secure (3DS2), as SCA requires authentication using two factors from different categories:
- Knowledge (e.g. password, code, PIN)
- Ownership (e.g. token, smartphone)
- Inherence (e.g. fingerprint, voice recognition)
The advantages of using 3DS2
Improved customer experience
The 3DS2 security standard is being introduced by EMVCo and the major credit card systems. The card-issuing bank also determines whether the security request is triggered in the cases covered by the exceptions provided for, so you as a merchant should upgrade to the SCA standard accordingly and benefit from the improved online and mobile shopping experience for your customers. The aim is to provide greater payment security, competition and consumer protection.
Mobile Payment
3DS1 only supports browser-based transactions, whereas 3DS2 allows authentication for in-app purchases (e.g. biometric authentication with fingerprint).
Liability Shift
By using the security procedure, the responsibility in the event of fraud no longer lies with the merchant, but with the card-issuing bank. The majority of online transactions must now be secured via 3DS2, so that many merchants can benefit from the reversal of liability.
In addition to strong customer authentication, there are two other innovations that have been in effect since 14 September 2019.
Opening the account interfaces
With the opening of account interfaces, merchants will be able to offer services to customers even though they are not yet regulated under the PSD2. For this purpose, the merchant must use a regulated third-party provider such as Fintecsystems or FinAPI as an intermediary. The main objective of this new regulation is to strengthen competition.
Surcharge ban
Another innovation is the so-called surcharge ban. Merchants often charge extra fees for payments by credit card or other payment methods. With the new directive, these additional costs should no longer be passed on to the customer.
Further information is available here:
List of Payment and E-Money Institutions under PSD2
Register of payment and electronic money institutions of BaFin
We are in active exchange with the payment service providers integrated in billwerk to support you as a merchant in preparing for the further development of PSD2.
If you have any questions in advance, please contact billwerk-Support directly by phone or e-mail.