The entire PSD2 regulation will come into force on December 31st, changing the way online transactions are authenticated.
There are only two months left before the PSD2 regulation comes into force, or more specifically, the part referring to the strong authentication of online transactions, as the rest of the regulation is already operational. This change comes at a key moment for ecommerce, in which online sales have skyrocketed due to confinement and the behavior and way of buying of users has taken a leap forward towards digitalization.
After the initial moratorium, the European Banking Authority is not contemplating further delays in the implementation of the regulation, despite requests by some associations for a further postponement taking into account the circumstances and consequences of the Covid-19 crisis. Therefore, next December 31st the ecosystem and its actors must be prepared to meet the new requirements in online payments, as well as take advantage of all its benefits.
In a brief review of the new aspects introduced, we remind you that strong customer autjentication (SCA) consists of authentication using two different factors, to be chosen among the three contemplated: something the user knows (such as a password), something he or she has (such as a mobile device) or something that «is» (biometrics, by means of fingerprinting, facial recognition, etc.).
In addition to this, it is important to note the existence of exemptions and exceptions to the rule that will reduce friction and help keep conversion rates from falling because of added steps during the payment process. Exemptions are situations in which the merchant can request that double authentication not be applied to a transaction, because it fulfills one of the established conditions: low amount transactions (below 30€), transactions with a transactional risk analysis (TRA), recurrent operations or operations within a Whitelist.
As for exceptions, these are operations that are outside the scope of the SCA and must be correctly identified so that they can be treated as exceptions. This is the case for «One-leg-out» transactions originating in or directed to a country outside the EU, Merchant Initated Transactions (MIT) initiated by the merchant without the user’s presence, MO/TO transactions (Mail Order/Telephone Order) and B2B transactions or transactions related to anonymous prepaid cards.
But the regulation not only brings responsibilities, but also opens the door to new opportunities such as increased security and the consequent confidence of users in online shopping. In addition, the increased familiarity of consumers with online shopping in recent months could help reduce the impact of new authentication factors, as long as they are informed and educated to see this new way of shopping as a benefit to them and their comfort when purchasing products online.
From Sipay, a gateway specialized in omnichannel payment solutions, they remark that «there are still two months to finish this race to adapt, which poses a promising future scenario and a series of challenges that we must all face together, both merchants and payment service providers, banks, card brands and other industry players involved in the process. Only with the collaboration and communication between the different areas will it be possible to achieve the compliance objectives and obtain the maximum benefit for both merchants and end consumers”.