PSD2 Compliance Requirements

How Europe’s Ecommerce Vendors are Meeting the New PSD2 Compliance Requirements

The new Payment Services Directive II (PSD2) may seem like just another piece of technical legislation on the surface. However, if we dig deeper, we’ll see it’s quite a groundbreaking piece of regulation. It levels the playing field for banks and fintech companies and is meant to trigger more competition in the European Union’s payments market. Apart from disrupting the big banks’ long-term control over all customer transaction information, the directive also aims to make customer security a key priority for all businesses that sell their products or services online. The same security-related rules apply to all card issuers, payment service providers (PSPs), and banks. For instance, organizations that collect customer spending information for analysis purposes will be held to higher standards of accountability.

Understanding the PSD2 Directive’s Impact on eCommerce Businesses

Payment services had mostly evaded EU regulation until 2007. Even 2007’s PSD1 regulations didn’t impact the eCommerce market significantly. However, when regulations are drafted and applied properly, they can be a useful tool for generating incentives to boost innovation, economic growth, and, most importantly, competition. That’s what the Payment Services Directive II aims to do – address the rapid changes in technology and the rapid growth of the global eCommerce market. PSD2 was issued in late 2015 and mandated implementation from January 2018. The main aims of this Directive are –

  • Assist the integration process between vendors, PSPs, and financial institutions in the EU’s payments market.
  • Promote competition by encouraging new entrants in the payments market, such as fintech companies. The legislators hope that this competition will organically make Internet payment services across the European Union much more efficient at addressing security threats.
  • Promote lower fees for payments.
  • Boost the confidence and trust of the average consumer in electronic payments.

The last aim of the PSD2 will impact eCommerce vendors across the globe (not just in Europe) the most. Vendors must introduce stronger customer protection measures against fraud and other customer abuses. To do so, eCommerce vendors, banks, and PSPs will have to enhance their security arrangements. The main theme of PSD2 is to increase security measures and protect the average online shopper.

That’s because customer confidence in online payments is still pretty low. By 2024, the financial loss caused by online payment fraud is predicted to reach $25 billion every year. Compared to $17 billion in 2020, that’s a 52% increase. Will this prediction regarding eCommerce merchants come true? A lot depends on how eCommerce vendors doing business in the EU region react to the Payment Services Directive II. Vendors who are compliant and implement biometrics and SCA (Strong Customer Authentication) on their platforms will suffer less.

What is Strong Customer Authentication?

SCA is a central part of the Payment Services Directive II. It’s part of the move to safeguard customers and online businesses from fraud and data breaches. SCA requirements compel eCommerce vendors and PSPs to validate the identity of a shopper and their right to make an online transaction before any electronic payment is processed. To be SCA-compliant, online vendors must now test –

  • A detail that only the shopper should know, e.g., a password.
  • Something that the shopper possesses, e.g., a credit card or an authentication message sent to the shopper from a code-generating device.
  • Inherence, or something that’s irreversibly linked with the user, e.g., biometrics, fingerprints, voice recognition, etc.

These measures enable eCommerce vendors to know that they’re dealing with an actual consumer, not a bot or a hacker. The prevalence of Card Not Present (CNP) fraud has made this multi-step customer authentication method extremely necessary. Scammers often steal credit card information to make false orders. Card Not Present fraud has risen with the latest eCommerce booms. According to Mastercard, the rate of CNP fraud for online transactions is ten times higher than for in-store transactions. The European Commission hopes to reduce CNP fraud by compelling every online vendor to be SCA-compliant. On an SCA-compliant eCommerce platform, CNP fraudsters will have a more difficult time going through with such orders.

Exemptions for SCA

In principle, all electronic payments are subject to SCA requirements. But some exemptions are possible when there’s no need for strict multi-step customer authentication methods. For instance, low-value transactions will not require SCA. eCommerce vendors fear that multi-step customer authentication methods may hamper the speed of transactions and negatively impact customer experiences.

The Best Solution

That’s why eCommerce vendors are using software tools that help them automatically meet all SCA and PSD2 compliance requirements. These tools act as ‘decision engines’ on behalf of the vendor, ensuring that every transaction meets regulatory compliance requirements while making the most of SCA exemptions. For instance, these fully customizable tools will not only keep the business protected at all times but will also automatically exempt repeat customers or low-value transactions from multi-step customer authentication processes.