New EU Regulation for Online Shops: PSD2 and SCA Explained

The GDPR may still be fresh in people’s minds… but that’s last year’s news. Now there’s a new regulation in town: the PSD2 (or Payment Services Directive 2).

The ecommerce sector has been growing steadily for years, so the EU is updating its regulations to match. The new PSD2 is meant to create fairer competition between traditional banks and modern payment service providers (such as PayPal). That includes Strong Customer Authentication (SCA), which means two-factor authentication for online purchases. And the good news? If you run an ecommerce business, this new provision means better cross-border security for you and your customers.

The most important thing for you to know is that with Jimdo and our integrated payment providers, your online store is well prepared.

In this article, we’ll briefly summarize and explain exactly what will change for customers and your online store!

Please note that this article does not constitute legal advice, even if a legal issue is covered. For legal advice, we recommend contacting a legal expert.

In this article we’ll answer:

  1. What is the PSD2 and the SCA?
  2. What exactly changes when making a payment?
  3. Are there exceptions to the two-factor authentication rule?
  4. Why is SCA being introduced for online commerce?
  5. What does SCA mean for your online shop?
  6. What effects could the PSD2 and SCA have?
  7. PSD2 summary

What is the PSD2 and the SCA?

The Payment Services Directive 2 (PSD2) is an EU directive on payment services. It replaces the previous directive and puts different rules in place for payment service providers like PayPal and Klarna. These rules apply to the banks and payment service providers, so they shouldn’t be a cause for concern for online shop owners like you.

Part of this is Strong Customer Authentication (SCA) and that’s where it gets interesting for shop owners. The SCA determines that from September 14th, 2019, anyone who pays online must use two-factor authentication.

What does that mean exactly?

What exactly changes in the payment process?

Up until now, anyone booking a holiday online could pay using just their credit card and security number. Or you could pay on a platform like PayPal by entering a password. Now you’ll need a second security factor to complete your payment.

Buyers now need two of these three factors to pay:

  • Something you know: PIN, password
  • Something you own: registered smartphone, bank card (with security number)
  • Something personal: fingerprint, facial features

This process isn’t completely new—you probably already know it from online banking. If you want to make a transfer, you need your PIN to log in (something you know) plus a code sent to your smartphone (something you own).

Exceptions to two-factor authentication

The new rule only applies to payments that are processed online and that don’t currently have high-security standards. Therefore they don’t include:

  • Debit
  • Invoice
  • Payment in advance

Any amount that’s less than 30 Euros is also excluded from two-factor customer authentication.

Why is SCA being introduced for online commerce?

Estimates and surveys show that credit card fraud alone causes around €1.3 billion in damage annually across the EU.

By requiring an extra security factor for online payments, the SCA makes it much harder for people to use stolen credit card numbers, passwords or other fraudulent credentials. Because ecommerce is international, it’s important that the EU now sets uniform rules to give buyers and sellers better protection.

In summary, the new legislation strengthens online trading for sellers and buyers.

Good to know: The SCA regulation is expected to be enforced in the UK, regardless of the outcome of Brexit.

What does SCA mean for your online shop?

Fortunately, the SCA is implemented directly by the payment service providers, so you don’t need to do anything to implement it for your online shop. Your customers will continue to confirm their identity directly through PayPal as normal. The only difference is that now this process will include two-factor security authentication.

The “second security step” is automatically added to the payment process. As a rule, there won’t be any manual changes for you.

At the moment, the payment service providers are still working on the exact implementation of the PSD2 and SCA, so it’s not yet possible to know what the two-factor authentication will look like.

What effects could PSD2 and SCA have?

Ecommerce experts assume that customers will quickly get used to two-factor authentication. However, at first, it could lead to some drop-offs at checkout.

The reason is simple: customers first have to register something they own—their smartphone, for example—with their payment service provider so they can complete the second security step. Although this is quick and easy, not every customer feels like doing that before checkout so some might stop shopping.

But the important thing to remember is that the new rule applies to all customers in all online shops. So two-factor authentication will soon be the norm for everyone. And the advantage for business owners? The two-factor confirmation will lead to fewer wrong orders, which means fewer returns!

PSD2 summary

  • The EU directive PSD2 simplifies payment transactions for services such as PayPal.
  • Cashless payments will become safer.
  • Customers will need two-factor authentication to pay online.
  • The SCA is implemented by the payment service providers.
  • Online store owners ordinarily don’t have to change anything.

 


If you read articles about the PSD2 and SCA in the coming weeks, you can rest easy. To summarize, the SCA mostly refers to adjustments that will be made by payment service providers. Overall, the new regulation creates more security in the online world and that’s definitely welcome!