PSD2 is the second iteration of PSD – the Payments Service Directive – which was established in 2009 for the EU member states. It created a single market for payments (credit transfers, direct debits, and cards) in the European Union, and aimed to make cross-border transactions within the EU as easy and secure as payments within a member state.
Due to the increasing digitization of the European economy, PSD2 will build on the original concept of PSD – making payments safer, driving payments innovation, and mandating new security processes and encouraging standardized technology.
It seeks to do this by understanding and accommodating more payment types, payment methods and players in the payments industry which, as they were new and therefore out of the scope of the original PSD, were not regulated at an EU level.
The benefit of this for shoppers is that there is more competition for banks in the payments space, which gives consumers greater choice.
Who is PSD2 for?
PSD2 is designed to protect shoppers, retailers, and all payments service providers by reducing fraud and all the associated costs for both retailers and all other players in the payment chain.
It does this by expanding the scope of customer authentication with Strong Customer Authentication (SCA). What this means is that retailers are required to ask their customers for two of the following when making online payments – something they know (PIN, password), have (fingerprint, iris recognition, face) or own (bank card or phone). Failure to comply with the regulations could mean that shoppers’ banks will not allow the transaction which would impact on merchants’ revenue.
How can merchants prepare for PSD2?
There are two main ways merchants can prepare for PSD2. Merchants need to be sure that their Payments Service Provider (PSP) is compliant with PSD2. This means that the PSP must offer SCA.
Merchants also need to confirm with their acquiring bank what their Transaction Risk Analysis (TRA) exemption rate will be, as this could greatly increase or decrease the amount of transactions that are processed without friction for the shopper.
The TRA exemption rate means that if, for example, Bank X gives an exemption limit on transactions up to €200, and 95% of the merchant’s transactions are under €200, then 95% of the transactions will go through as before PSD2 and the merchant will be compliant.
Transactions outside of the TRA exemption will be subject to SCA as above, as will any purchase over €500.
Ultimately though, the decision regarding what level or amount under which to process transactions with an exemption lies with the issuing bank.
Get ready to go
Much like the dreaded Brexit, there’s no doubt that there will be pushback from players on PSD2 all the way up to the hard deadline of the 14 September 2019. Merchants should remain in close contact with their acquiring banks and payment partners to stay on top of any and all changes that might occur in advance of the deadline.
If you want to discuss how PSD2 affects your cross-border ecommerce business speak to us!