With ever changing legislation, you may find yourself wondering what are PSD2 and SCA?
What is PSD2?
PSD2 is the second version of the directive created by the European Union known as the ‘Payment Services Directive (PSD), which was first launched in 2007.
PSD was introduced to act as a regulator for payment services and payment service providers (PSPs) to facilitate secure online payments. It aimed to ensure there was a more integrated and efficient European payments market, removing the banking industry’s monopoly on providing safe electronic transactions.
As PDS2 is a European Union directive, only transactions where the issuing and acquiring banks are in the European Economic Area (EEA) will be affected. PSD2 requires Strong Customer Authentication (SCA) to be carried out as a way to increase security and authorization rates whilst decreasing fraud rates for electronic payments.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is a way of proving the identity of a cardholder during an online transaction.
It requires at least two of the following from the consumer:
How is SCA carried out?
In most cases when there is an online transaction using a debit or credit card, strong customer authentication is achieved using 3D Secure (3DS.)
During these transactions, a cardholder is asked to provide proof of their identity by entering a unique password, SMS code, or a temporary PIN.
What does this mean for businesses?
SCA must be used whenever there is a Cardholder Initiated Transaction (CIT) occurring.
SCA is extremely beneficial for all parties involved, including merchants, by protecting them against the threat of payment fraud.
Mail order/Telephone order (MOTO) transactions are exempt from SCA as they do not have the cardholder present at the point of transaction.
For more details on how your business will be directly affected, Visa released a document containing everything you need to know which can be found here.