If you accept payments online or develop web apps that do, you may have noticed some new acronyms like SCA, PSD2, and 3DS2.0 floating around.
As the world of online payments continues to evolve, you need to understand and comply with new regulations and the new technologies that support them. This article aims to clarify what is changing with how you accept payments online.
New Regulations, New Technology
The European Union (EU) has a set of regulations called the Payment Services Directive (PSD). These regulations govern how online payments are to be conducted. The PSD, first introduced in 2007, was recently revised to adopt modern security standards and take advantage of recent advances in mobile payment technology.
This updated version of the directive, more commonly known as PSD2, aims to improve the EU economy by reducing fraud and increasing innovation in the financial technology industry.
PSD2 adds new rules for how online payments must be conducted, including the implementation of Strong Customer Authentication (SCA). This is essentially 2-factor authentication for “high-risk” online payments. Integrating SCA into payment gateways allows banks and card issuers to provide a security challenge to users if the transaction is determined to have a higher risk for fraud.
Some transactions are exempt from SCA requirements, such as fixed-price automated recurring payments and transactions under €30, but most will require the user’s card issuer to determine whether or not a security challenge is required for the transaction.
3D Secure 2.0 (3DS2.0) is the new authentication protocol which makes SCA possible. 3DS2.0 allows more information to be provided to issuers when determining a transaction’s risk, such as device information and payment history. This means fewer “false-positive” declined transactions by the bank and an overall smoother checkout experience for you and your customers.
Effective September 14, 2019, banks and card issuers in the EU will begin declining payments for most transactions through payment gateways which do not implement SCA.
Frequently Asked Questions About SCA
- Q: Do I have to do anything to comply with the new regulations?
A: Just keep Paid Memberships Pro updated. Our core payment gateway integrations will be updated before PSD2 fully takes effect on September 14, 2019. As long as you keep Paid Memberships Pro updated, you’re good to go.
- Q: What will happen if I don’t upgrade?
A: Starting September 14, 2019, banks in Europe will begin declining non-exempt transactions which don’t meet the SCA requirements. Many customers with card issuers in the EU will be declined at checkout if SCA isn’t integrated into the payment gateway.
- Q: What if I’m not in the EU?
A: PSD2 only affects customers with card issuers in the EU. If you don’t have customers in the EU, you won’t have any issues when PSD2 takes effect in September. However, many other regulatory bodies all over the world are considering similar legislation to enforce SCA as well, so it’s a good idea to upgrade now.
- Q: How will the checkout process change for my users?
A: SCA will add additional verification steps during the checkout process for some transactions which are determined to have a higher risk of fraud. This will typically look very similar to many login processes which require 2-factor authentication you may already be familiar with, such as logging into a social media account on an “unrecognized” device.
For example, a user may check out on your website on their laptop and be required to confirm their identity through their bank’s mobile app on their smartphone. The actual experience will vary depending on the customer’s card issuer, but they will generally be required to authorize the checkout using 2 of the following if SCA is required for the transaction:
- Something you know, such as a password
- Something you own, such as a mobile phone
- Something you are, such as a fingerprint
- Q: Will this affect conversions?
A: Additional steps in the checkout process can cause friction with the checkout experience for your users, so there is a possibility that SCA can affect conversions negatively. However, 3DS2.0 allows banks to determine a transaction’s risk more accurately than before, based on many factors such as a user’s payment history and device. Typically, 95% of transactions are determined to be low-risk and do not require the extra verification step.
- Q: I have another question not answered here.
A: Please post a comment below or reach out to us in the Support Area. We will do our best to assist you with your query.
Online Payments Continually Evolve
As the world of online payments continues to evolve, it’s crucial to stay up-to-date with new regulations and technologies to ensure compliance and a seamless checkout experience for your customers.
The revised Payment Services Directive (PSD2) is the latest regulation introduced by the European Union to govern online payments and reduce fraud while increasing innovation in the financial technology industry.
One of the key requirements of PSD2 is the implementation of Strong Customer Authentication (SCA) for high-risk online payments.
By keeping your payment gateway integrations updated and implementing SCA, you can ensure that your business is compliant with PSD2 and provide a secure checkout experience for your customers.