PSD2 (Payment Services Directive 2) is an EU regulation that took effect on 13th January 2018. PSD2 covers a wide range of topics concerning online payments to create a 'single market' for the industry within the European Union.
Whilst an EU regulation, it is highly unlikely that the United Kingdom will not implement any aspect of it regardless of the United Kingdom's withdrawal from the EU.
Certain aspects of PSD2 govern the security element of payments known as SCA (Strong Customer Authentication).
SCA will be a two-factor ID requirement for a large portion of online transactions. Customers making a payment affected by SCA will be required to provide two forms (from the below three) of ID whilst making the transaction:
Knowledge: something only the customer knows such as a PIN or password
Possession: something only the customer has such as a mobile phone or payment card
Inherence: something unique to the customer such as a fingerprint
Initially PSD2 made SCA a requirement for all transactions but exemptions have now been adapted into the regulation for example contactless card payments or online payments up to €30 in value.
Most of the requirements of PSD2 became law on 13th January 2018 but the requirements of SCA do not come into force until September 2019.
How this will impact ShopWired users
3D secure (the customer entering a 'verified by visa' or 'master card secure code' password as an additional step after entering card information) is not currently mandatory.
After the implementation of SCA, 3D secure will become the default for all online transactions and will only not be required for exempt transactions. Exemption is at the discretion of the card issuer's bank and not the merchant.
It's estimated that as much as 95% of online transactions will require authentication via 3D secure to process successfully.
A new standard for 3D secure has been issued by both Visa and MasterCard and is known as 3D Secure 2.0. Both of these card schemes have mandated that 3D Secure 2.0 should be in place for card issuers and merchants by April 2019 in preparation for the September 2019 deadline.
Payment gateways on ShopWired are broadly split into two types
i) Where the customer is transferred to your payment gateway's website to enter card information
ii) Where the customer remains on your website to enter card information
Where you use a payment gateway that transfers the user to the gateway's website to enter card information you should contact your provider and speak to them about PSD2 and SCA and what additional steps you need to take in order to be ready for September 2019. You don't need to involve ShopWired in this process.
Where you use a payment gateway that keeps the user on your website to enter card information, read below.
What ShopWired is doing
A lot of payment gateways that ShopWired supports that keep the user on the website to enter card information already support 3D Secure. Where 3D Secure is already supported, ShopWired is checking the integration to confirm it conforms to 3D Secure 2.0. We will be completing this process by July/August 2019.
Where our integration does not already support 3D Secure we'll be adding support for 3D Secure 2.0 into the checkout flow by July/August 2019.
Notification when 3D Secure 2.0 is available for your gateway will be sent to you by email.
Please note, some gateways have not yet finalised their documentation for SCA or 3D Secure 2.0 and there are still many 'unknowns'. ShopWired will be notified when the documentation is available and will work to implement the new standards as soon as possible thereafter.
Any questions or concerns?
ShopWired cannot answer questions about PSD2 or SCA. If you have any questions you will need to speak to your payment gateway provider.