For the last several years, there has been substantial growth in e-commerce. In response, the European Union is amending its regulations surrounding it. As a result, the PSD2 (Payment Services Directive 2) has replaced the original Payment Services Directive. PSD2 helps level the competition in a fair way between online payment service providers and regular banks.
For instance, SCA (Strong Customer Authentication) will be implemented for purchases made online. This is a two-factor authentication system which each buyer must go through before their payment gets accepted. As the owner of an e-commerce business, the PSD2 provides better security for your customers as well as for your website.
Let’s discuss the changes you can expect for your online business and its customers.
PSD2 & SCA
The European Union created the PSD2. It sets new rules for online payment service providers that are different than the previous rules. SCA is the biggest change in the rules. Starting on September 14, 2019, any online purchase within the EEA must go through the two-factor authentication system.
Important Note: While the PSD2 is currently in effect as of this writing, most member nations have announced temporary enforcement extensions. For example, the United Kingdom has announced an 18-month phase-in period for the Strong Customer Authentication (SCA) requirements for UK cards.
How does the payment process change?
Previously, an online purchase only required a credit card number and its three-digit security number on the back. However, this has changed since the creation of the SCA requirement. Now there are two security factors which must be established before the payment is approved.
There are three factors to choose from. Only two are needed. The choices are something you remember, something you possess and something that is personal. For example:
- Password or PIN
- Credit card, bank card, or registered smartphone. If using a card, you’ll need to enter its security number.
- Facial features or fingerprinting
These factors should not be new to you if you’ve ever used online banking before. When you log into your online banking account, you need to enter a PIN or password. Sometimes you even need to verify a security code which gets texted to your smartphone.
Two-Factor Authentication Exceptions
The PSD2 only applies to payments which are processed over the Internet that presently don’t have the best standards in place for their security. This would not include debit, payment in advance, or invoice.
All payments under €30 do not require two-factor authentication.
The Importance of SCA for Online Commerce
According to various surveys, credit card fraud causes an estimated €1.3 billion in damages per year throughout the European Union.
Requiring SCA for each online payment helps ensure that stolen credit cards and other financial credentials are not used over the Internet by thieves. The European Union wants to give more protection to sellers and buyers by implementing these rules. They help keep Internet users safe when engaging in e-commerce at an international level.
How Does SCA Effect Your E-commerce Business?
The online payment service providers implement the SCA factor directly for each transaction. As an e-commerce business owner, there is nothing you need to do where this is concerned. Your payment service provider automatically includes the second security authentication factor after the first one is completed by the customer. In other words, you don’t need to do any manual modifications to your payment system.
Presently, the two-factor authentication is being worked on by these payment service providers, in accordance with the member nations regulators and issuing banks. As of this writing, very few European banks have started enforcing these requirements. But that will inevitably change, and payment service providers and merchants need to be ready for the effects.
The Possible Effects of SCA and PSD2
Most e-commerce professionals predict that it won’t take long for customers to adapt to the two-factor authentication requirement. But, in the beginning, some customers may get discouraged by it during their checkout and will decide to drop off.
Why? Two-factor authentication requires customers to register their smartphone or something else they own first. Otherwise, they won’t be able to complete the second step of this security procedure. Even though this process is fairly quick and simple to perform, some customers don’t like to go through any more additional steps in the checkout process. This is what gets them to quit altogether.
Remember that this new requirement affects all e-commerce businesses and customers which are associated with the EEA. In the coming years, two-factor authentication is going to be normal and common for most Internet transactions.
At IntegralPay we stay updated with the industry trends and regulations to ensure your success as an online merchant!