❗️

Disclaimer on PSD2 and SCA guidance

This guidance is based on our knowledge on best practices within the payment industry.

Please bear in mind - we are payment experts, software engineers and technical specialists - therefore, please revert with your lawyers and legal counsellors regarding the specific impact of PSD2 on your business.

Chapters

• Checklist
• Scope
• Integrations
• FAQ

Timeline

• On 16th of October 2019, the EBA Opinion on the deadline for the migration to SCA was published. A transition period has been set at 15 months, i.e. SCA will be enforced as from 1 January 2021.
• On 14th of September 2019 Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2 came into effect.

3-D Secure versions

📘

Merchant action

Apply 3-D Secure processes across all affected payment use cases. Do not wait for 3-D Secure 2. Once 3-D Secure is applied by the merchant, the versioning update will be handled by us.

• 3-D Secure 2 and 3-D Secure 1 are compliant to Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2.
• 3-D Secure 2 does enforce SCA and fully supports exemptions.
• 3-D Secure 1 does not strictly enforce SCA and does not support exemptions. It is the only available fallback as long as 3-D Secure 2 is not broadly enrolled over the EEA regions by issuers, acquirers and other parties.

Background

The European Banking Authority (EBA) has launched the Payment Service Directive 2 (PSD2). It regulates all banks and financial institutions in the EEA (European Economic Area). Some of the PSD2 regulations have already come into effect (i.e. open banking, no surcharging). In this guideline we focus on the latest elements to be enforced: Regulatory Technical Standards (RTS), on Strong Customer Authentication (SCA) and secure communication under PSD2 in relation to Credit Cards schemes.

Goal

• Enhancing consumer protection
• Promoting innovation
• improving the security