Everything your eCommerce should know about PSD2 and SCA

Today it is time to learn something interesting. If you have a moment and much curiosity, join us and we will tell you about it

PSD2 and SCA are more than just two concepts. They have arrived to improve the online payments landscape and open the door to a new world of opportunities and improvements in eCommerce. From security to fraud protection for card payments.

Do you know what each one is about? Do you have any doubts? How do they relate to each other?

Let's go!

PSD2: Everything you need to know

PSD2 (Payment Services Directive) is the European Directive regulating payment services, from direct debits to card payments, aiming to improve security and increase protection against internet fraud. Its main objective is to boost transparency, innovation, and competition for payment services in the financial sector.

Key features:

It makes open banking possible, i.e., third-party providers (TPPs) intervene in payments.

The Payment Service Regulations 2017 replaced the Payment Services Regulations 2009, and it brings the PSD2 into UK law.

It contributes to the development of the electronic payments market within the European Union itself (EU).

It sets out the obligations and rights of customers and institutions concerning the payment services they offer.

It allows consumers and merchants to benefit from the internal market, especially in terms of eCommerce.

It seeks to increase protection against card payment fraud on the internet and within the European Economic Area (EEA).

The directive facilitates market access for other financial institutions’ competitors, thereby creating more competition and reducing costs for digital payment services.

It requires several enhanced security requirements, which means that most electronic payments require two-factor or strong authentication (SCA).

PSD2 intends to make strong authentication itself a requirement for all online bank card transactions where the payer is present.

SCA: Everything you need to know

SCA stands for Strong Customer Authentication. It is a measure that is part of PSD2 itself and requires us to include a two-factor authentication system known as SCA. Its main objective is to protect online payment services from the risks of fraud, inappropriate fund transfers or credential theft, among other things.

Main features:

It verifies customer identity and addresses issues arising from the previous PSD version that was implemented based on the 3D Secure protocol.

It adds an extra layer of security when end customers make online payments. Whereas up to now, consumers entered only their payment details and completed the purchase, two authentication factors are now required to prove that the end customer is who they claim to be.

There are three categories considered valid in authentication: knowledge (information that only the payer knows, such as a PIN or a secret answer), ownership (something only the payer owns, such as the mobile phone, token, or smart card), and inheritance (something the payer is, such as voice patterns or a fingerprint).

It is usually applied whenever the customer accesses their online payment account when they perform an action through a remote channel that may involve a risk of fraud and when initiating an electronic transaction.

Strong authentication benefits customers and the merchant, as it increases trust in the merchant.

The card acquirer or issuer itself decides when exemptions can be applied to avoid the SCA requirement in their transactions.

Although the regulations require all transactions to go through strong authentication, some exceptions can be waived, such as low-risk transactions and those carried out by companies through corporate channels.

How do you ensure PSD2 compliance in your online store?

Or, rather, how to adapt your business?

The answer lies with payment processors. If you are concerned about the security of your e-commerce, you have not yet fully adapted to regulations, and need to identify high-risk fraud transactions, we know what you need!

At PayXpert, we are sure that the only way to keep your business safe is by adapting to PSD2 regulations, whose main goal is to give life to new electronic payment methods and increase consumer confidence in them.

For this reason, we want to talk to you about payment gateways, services offered by a provider that serves to authorise payments to online businesses to facilitate the process for customers. Depending on the type of gateway your business uses, you will offer a better or worse user experience when making a purchase. And it will improve the security of your electronic transactions without complications:

You will optimise rejected transactions.
You will have access to limited lists of filtered transactions.
You will monitor all transactions and consumer behaviour.
You will have permanent processing and optimisation.
You will be able to track your business in one click.

When it comes to a Marketplace, this ecosystem needs to build healthy relationships between all parties involved in the platform: managing purchases with items from multiple sellers, handling different currencies, transferring the corresponding amounts and managing fees and revenues.

With so many parties involved in the purchasing process, receiving online payments often becomes a challenge. That's why choosing the right payment provider is the best option to make your business PSD2-compliant.

What are the strategic advantages of accepting payments with a payment gateway?

In addition to automatically complying with European regulations, you will also get numerous advantages for your business: