In May we talked about Europe’s revised Payment Services Directive (PSD2), what it means, and what Segpay is doing to ensure merchants are in compliance. With PSD2’s September 14th start date less than a month away, we thought this was a good time for an update on where things stand and what will change for Segpay merchants under these new EU regulations.
What is PSD2 again?
As a reminder, PSD2 is an EU law that introduces new requirements for authenticating consumers who submit online payments, to help reduce fraud and make payments more secure. These requirements – known as Strong Customer Authentication (SCA) – apply if your merchant account is in the EU and you are accepting payment from a consumer with an EU-based credit card. In that scenario, SCA mandates that you authenticate a consumer using at least two of the following:
- Something the consumer knows – for example, a PIN or password.
- Something the consumer possesses – for example, a phone or device with a secret token.
- Something the consumer is – for example, a physical characteristic identified through facial recognition or fingerprint scan.
For Segpay merchants, SCA is handled by 3-D Secure (3DS), version 2.0. Segpay merchants have long benefited from the added protection of 3DS, which shifts liability for most fraud-related chargebacks from the merchant to the card-issuing bank, once the consumer is successfully authenticated.
What is changing for merchants starting on September 14th?
What’s changing is that now SCA is a requirement for Europe-to-Europe transactions, as described above, and that Segpay will implement 3DS 2.0 to handle SCA. This latest version includes the security features necessary to meet PSD2 requirements.
When PSD2 goes into effect, any transaction that is considered “in scope” (Europe to Europe) which does not incorporate SCA, will likely be declined by the card-issuing bank. Segpay merchants need not worry. If your business has an EU presence, we will automatically enable your account to authenticate EU consumers through 3DS 2.0 before authorizing their payments. If you aren’t based in Europe, you’ll still be upgraded to 3DS 2.0 and enjoy the added protection, but your transactions are much less likely to be challenged.
What other changes is Segpay introducing to help with PSD2 compliance?
- Merchants will receive new postback notifications that identify transactions where consumers went through 3DS authentication.
- The Merchant Portal will feature a new PSD2 Transactions Report including details about all transactions that used SCA.
- To bolster 3DS’s authentication and fraud-prevention capability, our payment form will include optional fields for City (and State, in the US) for in-scope transactions. Sometime after the PSD2 launch, merchants will be able to remove these fields.
- One-click transactions – when determined to be “in scope” – will be authenticated through 3DS 2.0.
- Our One-click web service will work a little differently under PSD2. If you use this service, please contact us for more details.
- One click payments will now require consumers to enter their CVV code, a more secure form of verification than an email address or expiration date.
We will keep you updated with the latest information to ensure your transactions meet the mandated PSD2 requirements, where necessary, with minimal impact to your business. Please contact your Segpay sales rep or [email protected] if you have questions about PSD2 or SCA/3DS.