Disclaimer on PSD2 and SCA guidance
This guidance is based on our knowledge of best practices within the payment industry.
Please bear in mind that we are payment experts, software engineers and technical specialists. Please consult your lawyers and legal counsellors regarding the specific impact of PSD2 on your business.
On 14 September 2019, the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2 come into effect.
Apply 3-D Secure processes across all affected payment use cases. Do not wait for 3-D Secure 2. Once 3-D Secure is applied by the merchant, the versioning update will be handled by us.
- 3-D Secure 2 and 3-D Secure 1 are compliant with the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2.
- 3-D Secure 2 enforces SCA and fully supports exemptions.
- 3-D Secure 1 does not strictly enforce SCA and does not support exemptions. It is the only available fallback as long as 3-D Secure 2 is not broadly rolled out across the EEA regions by issuers, acquirers and other parties.
The European Banking Authority (EBA) has launched the Payment Services Directive 2 (PSD2). It regulates all banks and financial institutions in the EEA (European Economic Area). Some of the PSD2 regulations have already come into effect (e.g. open banking, no surcharging). In this guideline we focus on the latest elements to be enforced: the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2 in relation to credit card schemes.
- Enhancing consumer protection
- Promoting innovation
- Improving the security