If you’re in charge of compliance or mitigating potential fraud in your organization, you need to be up to date with what’s been happening over in the European Union. And with good reason! The European Union’s recent Payment Services Directive (PSD2) is a groundbreaking development that is now steadily being enforced throughout Europe. Building off the original PSD directive from 2005, PSD2 has in fact been around since 2016, but only truly came into effect for many European businesses at the end of 2020.
Here is a quick guide to help you wrap your head around what the new PSD2 and SCA requirements are and how they may impact your business this year and into the future, by answering the following questions:
Although PSD2 officially came into force on 13 January 2018, many banks and financial institutions ran into difficulties implementing all the changes — particularly Strong Customer Authentication (SCA). In the end, the European Banking Authority decided to grant an extension, giving companies in the EEA until 31 December 2020 to roll out their SCA. The Financial Conduct Authority (FCA) then gave an additional extension for UK companies, pushing their final enforcement date to 14 September 2021.
PSD2 is designed to whip the online payments industry into shape by setting core regulations in three areas — customer rights, third-party access, and security — and includes Strong Customer Authentication (SCA) as one of the core requirements of this directive. Although this is a requirement only for banks and financial institutions operating in the European Economic Area (EEA), North American businesses will start to feel the impact of PSD2 and SCA throughout 2021 and beyond.
PSD2 was put into place by the European Union to better regulate the online operations of banks and financial institutions throughout Europe in order for customers to receive more transparent and more secure payment processing services. It covers three main areas of online financial transactions, namely:
All of these are designed to make financial transactions carried out online more open and more easily scrutinized by regulating bodies.
Though there are many exceptions based on the type of payment, the payment amount (anything less than 30 euros is normally exempt), and the frequency of the transaction (such as for subscription-based businesses), there are a couple of ways PSD2 and SCA may impact North American businesses moving forward. These can include:
Higher standards in payment security — these new regulations are designed not only to help prevent identity theft but also to fight card-not-present (CNP) fraud, which has been increasing over the past few years. As these new standards slowly become the norm for European customers, they may feel that something is amiss when they try to purchase from a business that does not have these additional layers of security.
European institutions enforcing SCA worldwide — even though the customer’s bank and card issuer both need to be operating in the EEA for SCA requirements to be mandatory, some European financial institutions may enforce SCA on merchants no matter where they are located, meaning they could potentially decline payments for transactions where SCA is not involved.
International expansion — if your company is growing quickly (and congrats to you if it is), and you are considering opening a European-based entity or online store, then you will be required to adhere to PSD2 and SCA. Likewise, if you are US-founded and US-based, but have entities already established within the EEA, you will need to make sure you are fully PSD2 and SCA compliant as soon as possible.
Implementing a fully passwordless authentication solution as part of your payment processing security measures will make sure your business is in line with the new PSD2 and SCA requirements. This will ensure your customers are getting the highest level of cybersecurity protection possible, wrapped up neatly in a smooth and totally seamless user experience. Adopting this technology will help businesses not only win customers’ patronage, but their trust, and will keep them and their customers far out of reach of security-related conflicts in the future.