Search post

PSD2 - FAQ

0

PSD2

 

WHAT IS PSD2?

The first Payment Services Directive (EU) 2007/64/EC (PSD1), which came into force in 2009, established common rules for certain types of electronic payments, such as credit transfers, direct debits, card payments, and mobile and online payments. 

Directive 2015/2366/EU on payment services (PSD2) updates and complements the rules set out in PSD1 and takes new providers of innovative payment services into account. 

For official details  regarding PSD2, visit the Central Bank of Ireland website F.A.Q. page (https://www.centralbank.ie/regulation/psd2-overview/faq).

 

WHAT ARE THE GOALS OF PSD2?

  • Make it easier and safer to use internet payment services
  • Better protect consumers against fraud, abuse, and payment problems
  • Promote innovative mobile and internet payment services
  • Strengthen consumer rights.

For official details  regarding PSD2, visit the Central Bank of Ireland website F.A.Q. page (https://www.centralbank.ie/regulation/psd2-overview/faq).

 

WHEN WILL PSD2 COME INTO FORCE?

14 September 2019 is the final deadline for all companies within the EU to comply with PSD2’s Regulatory Technical Standard (RTS) pertaining to directive (EU) 2015/2366 (PSD2).

PSD2 became law in Ireland on 13 January 2018 with the signing by the Minister for Finance of the European Union (Payment Services) Regulations 2018 (Statutory Instrument No.6 of 2018).

 

*Update 13/09/2019*

The EU directive requiring Secure Customer Authentication (SCA) for eCommerce payments as part of PSD2 was set to come into force on September 14th this year.

Due to industry-wide difficulties with meeting this requirement in the given time-frame, that deadline has been extended. The extension period will be 18 months in the UK, and we expect other jurisdictions will confirm extension periods shortly.

Given this change, we expect there will be no disruption to any payments systems on 14 September. We will work with you and all our customers during this extension period to ensure all regulatory requirements can be met in a timely manner, and to avoid any disruptions to service.

We will continue to engage with all of our partners in the industry, to keep up to date on any changes related to this issue as they occur, and ensure you are notified through regular communications.

 

HOW WILL PSD2 AFFECT MY BUSINESS?

PSD2 introduces new requirements known as Strong Customer Authentication (SCA) and the kinds of payments they will impact.

To put it in a simple way, from the PSD2 adoption deadline on, your integrations will be required to Authenticate the customer before the authorization and capture, otherwise they will be rejected by the customer’s credit card issuing bank.

The most common way to do this is using the 3D Secure Model. Take a look at our Knowledge Base to know more about 3D Secure and How To Use 3D Secure with your terminal account in our gateway.

IF I’M ALREADY USING 3DS?

Then you don’t have to worry. You are already PSD2 compliant.

IF I’M NOT USING 3DS AND I HAVE HPP INTEGRATION?

You don’t need to do anything. 3DS will be enabled on your Hosted Payment Page on September 14th.  You will have already received a notice from us in regards to changes to your pricing to support this.

IF I’M NOT USING 3DS AND I HAVE XML INTEGRATION?

Your integrations must be upgraded so they can start to use 3DS. Take a look further, at the How my integrations flows will change question. Once your integration is updated, 3DS can be enabled on your terminal accounts.  A notice advising you of pricing has been sent.

WHAT IF I’M NOT SURE IF I USE 3DS?

There’s a simple way to check.  Just go to your SelfCare account – any terminal with Open Batch feature permission will do. If a 3DS column appears on the search result table, it means that at least one of your terminals has this security feature  enabled.

WHAT IF I’M NOT SURE IF I HAVE A HPP OR XML INTEGRATION?

Talk to your development team/ person.

If they don’t have this information, please contact our support team.

 

HOW DOES PSD2 AFFECT CONSUMERS?

  • Consumers will have a maximum liability of €50 in cases where an unauthorised transaction has occurred on their account, except in cases where it can be proved that they acted fraudulently or were grossly negligent.
  • The unconditional “eight week refund” rights already afforded to consumers by the SEPA Direct Debit Scheme are now enshrined in EU law by PSD2.
  • Retailers are no longer allowed to engage in the practice of “surcharging” whereby they charge consumers fees for paying by debit or credit cards.
  • A payment services’ user can now terminate a contract for the provision of payment services free of charge after a period of six months rather than 12 months.
  • The existing national requirement for all payment services providers to put a complaints resolution procedure in place is reinforced by PSD2.
  • Stricter requirements apply in a number of important areas, for example the initiation and the processing of electronic payments (particularly online payments) and protecting consumers’ financial data.
 

ARE THERE ANY EXEMPTIONS FOR PSD2?

Some payments classified as low-risk may be exempted from Strong Customer Authentication. But remember that the cardholder’s bank is the one that ultimately decides whether to approve the exemption or whether authentication is still necessary.

The most relevant exemptions to be aware of are:

FIXED-AMOUNT SUBSCRIPTIONS

Recurring payments, with the same amount, to the same business. The first payment will require SCA, but the subsequent ones will be exempted.

MERCHANT-INITIATED TRANSACTIONS (SECURE CARD AND SUBSCRIPTIONS)

Secure card payments – when the customer is not present – may qualify as merchant-initiated transactions. They are outside the scope of the SCA. 

To use merchant-initiated transactions, you will need to authenticate the card either when it’s being saved or on the first payment – that’s covered. This also allows the use of variable-value subscriptions.

MOTO

“Mail Order and Telephone Orders” transactions are outside the scope of the SCA and do not require authentication.

 

ARE THE EXEMPTIONS ALWAYS A SURE THING?

Exemptions will be useful to not cause friction in your business (additional steps to complete an authorization), but it’s ultimately the cardholders’ bank’s decision to accept an exemption or not. 

New decline codes for authorizations will be returned by Banks to indicate failed or missing authentication. These transactions will have to be resubmitted to the customer with a request for a Strong Customer Authentication (e.g., 3DS).

If your business is to be affected by SCA, we recommend you adjusting your flow for know cases where you need to add authentication and prepare for a fallback flow, in case an exemption is rejected and your customer needs to authenticate.

 

HOW DOES MY INTEGRATION FLOWS CHANGE?

To guarantee your transactions will be correctly authenticated, even in cases an exemption might fail, you are going to need to:

  1. Activate 3DS in all your terminals.
  2. If you have XML integration, you will need to implement an initial authentication step using 3DS.
What kinds of challenges do self-serve kiosk operations face?
How Omnichannel Payment Technologies Provide a Frictionless Experience in Intelligent Retail

About Author

Worldnet Payments
Worldnet Payments

Related Posts
5 Points For Seamless Payment Device Integration with Unattended Solutions
Build a great eCommerce Site from scratch in three easy steps
The Intelligent Retail Revolution

Comment

Contact Us Today

Contact Us Today