The impact of PSD2

The Payment Services Directive 2 (or PSD2 for short) is a piece of EU legislation that aims to make banking safer, more transparent and more innovative. It was introduced in part to help tackle the rising levels of online fraud and it follows the launch of PSD in 2007, which helped establish an EU single market for payments.

A key part of PSD2 is Strong Customer Authentication (SCA), which aims to make buying online more secure. It will mean customers will sometimes need to take extra steps to confirm their identity when shopping online.

This is also known as two-factor authentication and issuers will ask for two of the following three:

• • something the customer knows, like a password or PIN
• • something the customer has, like a mobile phone or payment card
• • something the customer is, like their fingerprint or voice pattern

Some payments will be exempt from the extra check. You can check out the full list in our whitepaper that tells all on the new regulation.

We recommend you get ready for SCA as soon as possible - issuers are required to start declining transactions from January 2022^†. If you don’t have SCA in place, you risk your transactions being declined, which could lead to customer frustration and increase the chances of cart abandonment. Barclaycard Transact can help to reduce this friction and manage fraud.

With cybercrime on the rise, PSD2 legislation has been introduced to help make banking safer. A key part of this is SCA (Strong Customer Authentication), which means customers will sometimes need to take extra steps to confirm their identity when shopping online. All merchants will need to adhere to SCA when it comes into effect.

This is where Barclaycard Transact comes in. It works with our online payment gateways^** to manage fraud, maximise sales, and help remove the extra steps that customers could incur when shopping online.

3D Secure (3DS) will also be able to support you with two-factor authentication under PSD2.

3D Secure 2 (3DS v2) was rolled out in response to these new regulatory requirements, as well as the evolution of ecommerce over the last decade.

Our recommendation is to use 3DS2 (3DS v2). It can take some time to put in place so we suggest that you start implementing it now and activate it as soon as possible. Don’t underestimate the time needed for build, testing and customer education or understanding the impact on customer experience and the risk of abandoned baskets.

To help streamline the checkout journey, some payments will be exempt from Strong Customer Authentication (SCA):

• • low-value transactions (below €50 or £45 in the UK)
• • recurring transactions (Direct Debits or subscriptions for the same amount and payee). These will require SCA for initial set up and subsequent amendments
• • contactless transactions under €50 (or £45 in the UK)
• • unattended terminals (e.g. parking meters or public transport)
• • whitelisting – customers can ‘whitelist’ merchants as ‘trusted beneficiaries’ and won’t need to authenticate with them once an initial check is completed. Issuers can still reject requests where they believe there is a high-risk of fraud
• • Transaction Risk Analysis (TRA) – this may apply if a transaction is low-risk
•  
• Transactions where SCA is not required:

• • mail order and telephone order transactions (MOTO)
• • merchant initiated transactions
• • transactions where the issuer or acquirer is outside the EEA
• • anonymous payments – cards with no cardholder name e.g. gift cards