Payment Services Directive (PSD) 2, Strong Customer Authentication and 3D Secure v2
Effective: 14th September 2019
What Is PSD2?
PSD2 is an EU Directive which uses additional security authentications for ecommerce transactions to help reduce the increasing costs of payment fraud. This will typically mean that during the shopping process the buyer enters a pin code, as per 3D secure already in effect, via a trusted device or with fingerprint reading. You can read more in this Sage Pay article.
Who Does It Affect?
This regulation applies to any electronic payment that takes place within the European Economic Area (EEA). For ecommerce card-based transactions (including digital wallets backed by cards), it applies to transactions where both the card issuer (i.e. financial institution with whom cardholder has relationship) and the acquirer (i.e. financial institution with whom merchant has relationship) both reside within the EEA. If you trade within the EEA then you are affected.
Which Payment Processors Are Affected?
All processors which handle EEA payments, including Sage Pay, Paypal, ePDQ etc.
Is REC+ Ready For This Change?
All payment processing is handled by the payment processors, rather than on your REC+ site, and they will need to comply and update their systems accordingly. You do not need to make any changes on your REC+ website.
Is There Anything I Should Be Doing Before 14th September?
Check via your payment processors to ensure your payment settings have 3D Secure enabled prior to September (if not already enabled). European issuers are likely to start declining electronic payment transactions that have no authentication in place. Read more about this for Sage Pay or refer to your own payment processor for more information.
NB There are no changes needed in REC+
Who Can I Talk To For More Advice Or Setting Up 3D Secure?
Contact your payment processors directly for support and advice.