PSD2 & SCA - Stop Panicking

As an eCommerce business you have probably been contacted by merchants and platform providers with advice on PSD2. This is why we wanted to share our thoughts and also get the opinion of someone from the front line.

We spoke to David English, Online Payments Expert with over 10 years experience in the industry and put together the below summary…

Firstly – Stop Panicking,

Have you ever stayed up all night to write an essay at School/University, or revised for a test the night before only to find out the deadline / test has been pushed back by a week.

That is exactly what has happened with the ominous deadline of PSD2 and SCA, ecommerce as we know it in the UK and Europe was due to change on September the 14th, but as expected 80% of the countries who had been desperately revising for this test weren’t ready so the date has been pushed back by as much as 18th months (see here for the full roll out plan). So as everyone breaths a big sigh of relief, switches off 3d secure and closes their mastercard and visa terminology manual, lets have a look at what’s actually happened and going to happen.

Like trying to organize a group holiday when a third of your friends can do one weekend, another third can do any weekend apart from the one that the first group can do and the last third haven’t got back to you yet and are waiting to see what everyone else is doing…Not every country in the EU has agreed to the same roll out plan. It currently stands 19 countries have suggested they are keen to delay the rollout, while 7 have expressed it in writing but with delays ranging from 6 months to 18 months depending on which country you are in, it’s all a bit of a mess (and subject to of changed by the time you’ve read this).

What can you do?

It’s only been delayed, SCA is still going to happen so it’s better to keep revising every night and being ready for the test next week, than shutting your text books and cramming the night before again, time is now on your side. So even if you don’t change anything for 18 months, its giving you time to test, trial and finalise what converts best for you once 3DS 2.0 is rolled out. Use the time wisely as when 3DS 1.0 was rolled out it was a mess and merchants felt it on their bottom line with a 10-20% decrease in conversion.

What are the basics?

  1. Strong Customer Authentication – or as it now abbreviated ‘SCA’
    SCA is a major component of PSD2 for digital transactions. The goal of SCA is to reduce fraud, and improve conversion by requiring merchants and issuers to validate consumers when they use electronic payment methods in the European Economic Area (EEA). The most common solution for this is implementing 3-D Secure (which many businesses already use).
  2. Payment impact to marketplaces & platforms or Independent software vendor (ISV)
    A marketplace or platform in Europe can no longer receive payments from shoppers and pay those funds to sellers/vendors under the new PSD2 directive. If it does, it will have to obtain a payments license from a regulator and become a regulated business.

What does this mean?

All card issuers and merchants that process online payments need to have an ‘SCA solution’ in place, this will mean a minimum of two out of three checks will need to be made at the checkout. The three checks are:
– Something only the customer has (i.e. bank card)
– Something only the customer knows (i.e. personal questions)
– Something only the customer is (i.e. Fingerprint / Face recognition)

Many customers are used to this when dealing with 3-D secure pop-ups that many merchants and payment providers already use. 3-D secure has launched an updated version of this (2.x) that is designed to be more user friendly and seamless as part of the user checkout journey. 3-D secure version 1 will still be supported for the foreseeable future while merchants and vendors make the change to 3-D secure version 2.

SO… what do you need to do??

Basically if you currently sell online direct to customers you do need to think about this new legislation. What specific actions you need to take are very dependent on what payment provider you use. Below we have included links to some of our most popular payment gateways with their own suggestions:

Sagepay >>
Braintree >>
Stripe >>
Adyen >>
Paypal >>

However, some very generic advise would be:

  1. Make sure you have 3-D secure enabled (even if version 1)
  2. Make sure you have checked your payment gateways documentation and advice
  3. If you need to upgrade your payment gateway to a newer version speak to your technology partner (if it isn’t us)

Finally Note

There is a whole host of rules and regulations around SCA, including exceptions based on transaction size, acquirers, and what is being sold. There are also rules around how it effects recurring transactions, international transactions and merchant initiated transactions, so if you want to see if you can get an advantage of the new rules please get in contact.

SOtech, collaborating with David English (