Attention! There are currently mails in circulation, supposedly from Google, which state our mail domain as the sender. Please do not open the links in these mails under any circumstances! Please use the possibility to report these mails as phishing in your Gmail account. Thank you for your cooperation!

European Payment Services Directive

PSD II

new obligations for online banking and payment on the Internet

PSD2 - the new Payment Services Directive

With the revised Payment Services Directive (PSD2), which has been in force since 13 January 2018, the European Union has fundamentally changed the payment landscape. PSD2 determines how payments within the European Economic Area will be processed in the future. Above all, banks and financial institutions face major challenges in implementing the requirements, especially as they are obliged, among other things, to provide third-party payment service providers with access to their banking systems. Online merchants must also comply with the new requirements.

Aiming to better protect online buyers, PSD2 demands more security in online purchases and introduces strong customer authentication (SCA), also known as two-factor authentication.

German Federal Printing Office

PSD2 webinar of German Federal Printing Office

new regulations in payment transactions (webinar)

German Central Bank

PSD2 information of the German Central Bank

strong customer authentication with Micropayment

As of 14/09/2019, an online transaction must be verified using two of the following three characteristics: possession (e.g. card, mobile phone), knowledge (e.g. PIN), or personal or physical characteristics ("inherence", e.g. fingerprint, face recognition). Concretely, a physical item such as a smartphone can be combined with a one-time password or fingerprint before the online payment can be made.

The use of strong customer authentication for all online transactions will be mandatory (with a few exceptions) as of 14/09/2019, as new regulatory technical standards of the European Banking Authority will enter into force at that time.

micropayment is PSD2 Ready
What is strong customer authentication?

The authentication of a transaction must contain two or more of the following criteria:

In future, nothing other than a fingerprint that is queried via the customer's mobile device will be required to authenticate and release transactions. Instead of relying on the traditional password ("something you know"), your customers can now combine "something you own" (e.g. a smartwatch) with "something you are" (e.g. a fingerprint).

  • something you know

    • password
    • passphrase
    • PIN
    • number sequence
    • secret question

  • something you are

    • fingerprint
    • facial features
    • voice recognition
    • iris recognition
    • DNA signature

  • something you own

    • mobile phone
    • wearable devices (e.g. smartwatch)
    • smart card
    • token
    • badge

Strong customer authentication is always required if

  • someone accesses their payment account online
  • someone triggers a payment process electronically or
  • someone remotely takes action that carries the risk of fraud in payment or other misuse.

In addition, the following criteria must be met:

  • if an element was not entered correctly, there must be no indication of which element was wrong
  • multiple incorrect entries lead to blocking
  • after a successful login, the session times out after 5 minutes of inactivity
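
The criteria above can be enforced together at the point where the elements are checked. The following Python example is added here and is not Micropayment code; the class name `ScaAuthenticator`, the lockout threshold of three attempts and the sample credentials are assumptions, and the string comparison stands in for a real PIN, one-time-password or biometric verifier.

```python
import hmac
import time

IDLE_TIMEOUT = 5 * 60  # seconds: the 5-minute inactivity limit listed above
MAX_FAILURES = 3       # assumed threshold; the page gives no number
CATEGORIES = {"knowledge", "possession", "inherence"}


class ScaAuthenticator:  # hypothetical name
    def __init__(self, enrolled, clock=time.monotonic):
        self.enrolled = enrolled  # {user: {category: expected value}}
        self.clock = clock
        self.failures = {}        # user -> consecutive failed attempts
        self.sessions = {}        # user -> time of last activity

    def authenticate(self, user, presented):
        """presented maps category -> value; returns 'ok', 'failed' or 'blocked'."""
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "blocked"
        expected = self.enrolled.get(user, {})
        # Dict keys are categories, so two entries mean two different categories.
        ok = len(presented) >= 2 and set(presented) <= CATEGORIES
        # Check every element without stopping early: neither the result nor
        # the timing shows which element was wrong.
        for category, value in presented.items():
            want = expected.get(category)
            same = hmac.compare_digest(value.encode(), (want or "").encode())
            ok &= same and want is not None
        if not ok:
            self.failures[user] = self.failures.get(user, 0) + 1
            return "failed"  # one generic answer for every kind of failure
        self.failures.pop(user, None)
        self.sessions[user] = self.clock()
        return "ok"

    def session_active(self, user):
        """True while the last activity is at most IDLE_TIMEOUT seconds ago."""
        last, now = self.sessions.get(user), self.clock()
        if last is None or now - last > IDLE_TIMEOUT:
            self.sessions.pop(user, None)  # expired: SCA is needed again
            return False
        self.sessions[user] = now          # activity restarts the idle timer
        return True
```

Unknown users take the same path and receive the same "failed" answer as known users with a wrong element, so the response does not reveal whether an account exists.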

Who needs to employ strong customer authentication?

Pursuant to Art. 97 PSD2, PSPs must implement strong customer authentication requirements.
It follows from PSD2 that the requirements for strong customer authentication apply "only" to the payment service providers defined in PSD2. As a merchant and website operator, you are therefore not required to comply directly with the directive.

Example: strong customer authentication in e-commerce with credit card (fingerprint)

What are the exceptions?

Appropriate exceptions may be requested for certain transactions. Such exemptions are designed to ensure that customers can enjoy a simple shopping experience with added security. Among other things, there are the following exceptions to the obligation to perform strong customer authentication:

  • Small payments of less than EUR 30.00 (gross) still do not require strong customer authentication. However, this will only apply up to a total amount of EUR 150.00 or five consecutive payments, with the period for these successive payments not being determined. The payer's bank keeps track of the amount and the periods of payments made.
  • For subscriptions or recurring transactions with a fixed amount, only the first transaction that triggers the subscription must be released with strong customer authentication, and subsequent transactions can be executed without strong customer authentication. If the amount changes, a new strong customer authentication is required for each new amount.
  • We see a challenge in recurring transactions with changing amounts. However, regulators have confirmed that "merchant-initiated transactions" are outside the scope of strong customer authentication requirements under PSD2, so most subscription payments are not affected by strong customer authentication.
  • Phone payment transactions are in all cases not affected by strong customer authentication. MOTO transactions (mobile order/telephone order) are not considered "electronic" payments and are therefore outside the scope of PSD2.
  • Payments between two companies can still be implemented without strong customer authentication when using a payment method that is intended for such B2B payments. The methods of payment are determined by interpretation by banks and regulators. The most common payment methods such as debit and credit card will be among them.
  • Payments where the issuer of the payment card is not located in the European Union are also excluded from strong customer authentication. This means that accepting payments from non-European buyers within Europe will continue to pose no problem.
perfectly equipped

Micropayment solutions combine comfort and security

The introduction of the new procedures requires a high level of acceptance from consumers and merchants. To ensure that the payment process in your online shop is not overly affected by the new authentication methods, Micropayment is currently working with its cooperation partners on solutions that enable convenient payment processes and meet the requirements of the PSD2 directive.

The ultimate goal is to make all transactions as secure as possible and to implement all legal requirements in a timely manner. Micropayment payment window transactions will meet strong customer authentication requirements as of September 14, 2019. The factor of inherence plays an important role, as it transmits behavior-based information to a transaction.

While the new requirements will undoubtedly bring challenges for businesses and banks, Micropayment solutions will mitigate the impact on your online store.


If you use the Micropayment payment windows, you are well prepared for the PSD2 and strong customer authentication requirements.

If you use our API interfaces, please contact us separately. It follows from PSD2 that the requirements for strong customer authentication apply "only" to the payment service providers defined in PSD2. As a merchant and website operator, you are therefore not required to comply directly with the directive. By using our API interfaces, however, you take on indirect obligations to support payment service providers in implementing strong customer authentication. With our API, you can also carry out your own implementation of strong customer authentication right now, if you wish.
individual advice

Your competent contact persons

We can support you in the following points with a strategic partnership:

  • market-oriented realization of new products & projects
  • building strategic cooperation communities
  • planning, coordination and optimization of payment transactions
  • analysis and forecast of the current target market
  • figuration of your products in international markets

We would like to help you.

Providing the best possible advice is our mission. We support you in the realization and marketing of your products. Please call:

(00800) 3000 22 55

free of charge from German landline

Integration made easy.

Do you have questions about our payment methods or about the use of our systems? Please contact us by e-mail. We will reply as soon as possible.