A key element of PSD2 is the introduction of additional security authentications for online transactions, known as strong customer authentication (SCA). It means customers will no longer be able to checkout online using just their credit or debit card details, they will also need to provide an additional form of identification.
PSD2 requires the use of two independent sources of validation by selecting a combination of two out of the three categories (commonly known as the ‘two-factor authentication’):
· something you know (e.g. PIN)
· something you have (e.g. card/phone)
· something you are (e.g. fingerprint)
Who is in scope?
This legislation is applicable to transactions in the European Economic Area (EEA) only, where both payer and payee are in the region. Note that MOTO payments are exempt so if you process transactions over the telephone, or accept mail orders, this will not impact you.
When is it mandatory from?
Originally, the mandatory date for SCA implementation was 14th September 2019. Following a detailed analysis, the FCA decided to extend the deadline to March 2021 to allow industry bodies more time to implement it.
What will you need to do?
Our ecommerce merchants need to implement 3DS version 1. We will do the rest.
We will upgrade our terminal merchants directly, you need to do nothing further.