Online payment processing is convenient for both customers and vendors. However, it leaves both vulnerable to the very real possibility of a data breach, identity theft, and other types of fraud. In order to minimize the damage caused by these threats, the Payment Services Directive (PSD2) has been revised. It now also encompasses transactions performed on the internet. As a result, the way electronic payments are made, both within the European Union and outside, will be changing.
How PSD2 affects online payments.
Specifically, implementation of the PSD2 will result in two major changes that will particularly affect online payments. First, security requirements will be bolstered with the stipulation that customers must verify their identity via multi-factor authentication (MFA). This means that account providers will be mandated to require that all EU-based consumers prove their identity using MFA. This combines a piece of information the user knows (such as a password or PIN) with something the user has (a one-time-use code sent to their smartphone or biometric data such as a fingerprint).
In addition, financial institutions will now have to provide third-party service providers such as retailers and technology companies with access to a customer’s account information and other unique data if that person has given permission for them to do so.
As with all rules, there are exceptions. Transactions under 30 euros (as well as subscriptions) do not fall under PSD2. If the merchant can demonstrate a low fraud risk, higher-value payments may also be included in this category. Furthermore, consumers will be given the option to specify certain merchants whom they wish to whitelist.
What is changing?
The original Payment Services Directive (PSD) went into full effect in November of 2009 and was designed to set forth a common payment framework across the EU. It remained in effect until January of 2018 when it was replaced by PSD2 with the idea that compliance will be required beginning April 2020. The European Commission established PSD2 to encourage competition and innovation while fostering the most secure payment processing environment possible in today’s technologically-driven, security-conscious environment. Any payment, whether it is in-person or online, that begins, ends or travels through any part of the European Economic Area (EEA) is subject to PSD2. While most components of PSD2 are now in effect, additional time is being provided to issuers, merchants, and card issuers to get their secure customer authentication (SCA) protocols in place.
The effects of PSD2.
If you live or do business in an EU country, you are bound to be affected by the PSD2 in some way. Merchants stand to gain a good deal with PSD2, including reduced risk of fraud, faster access to funds, reduced costs in accepting payments, and access to customer data that can help sellers to better craft and customize buyers’ shopping experiences. Finally, enhanced knowledge of buyers will lead to a smoother shopping cart and checkout session.
PSD2 will also provide added information and insights for customers into their own payment experiences. The surcharges consumers pay will be eliminated, and heightened security will reduce their risk of being victims of fraud. Buyers will be able to share their data with technology and retail companies to streamline the shopping experience. Consumers will also have increased protections in regards to the grievance and refund processes.
With PSD2 in play, financial institutions will no longer be the only entities with access to customers’ financial information. This will necessarily result in more innovation for these organizations as well as changes in how they share and manage data in compliance with current updated regulations.
How PSD2 affects U.S.-based merchants selling outside the U.S.
As stated above, this directive applies to any merchant accepting payments in the EEA, including U.S.-based sellers. Unless a seller cannot exempt or authenticate a transaction based on SCA criteria, it is likely that the payment will be rejected, resulting in a financial loss to the merchant.
If you are a U.S.-based merchant facing the challenges of PSD2 implementation for your global business, Inovio is here to help. We provide a full suite of compliance services and support diverse currencies, including the pound, GBB, CAD, AUD, NZB, and 174 others.
The future of PDS2.
U.S.-based merchants who do business in the EEA may find themselves on the horns of a dilemma. On one hand, the added SCA criteria and other regulations will mean that compliance costs will rise. Many companies may even elect to invest in the services of a consultant to help them navigate these uncharted payment processing waters. At the same time, American sellers cannot help but recognize European customers represent a lucrative market that would be unavailable to them if they failed to follow PSD2 regulations.
To pile another layer of complexity onto the picture, the PSD2 opens the door for a whole new cohort of payment service providers who will be given access to customer data at that buyer’s request. For instance, Facebook has already unveiled its new Libra digital currency and hopes it will become a more mainstream and acceptable form of cryptocurrency that consumers will rush to incorporate into their payment habits. The jury is still out as to whether this will come to pass. However, U.S. merchants stand to profit handsomely, if it does.
PSD2 has the potential to streamline and secure the payments of millions of European consumers and the global set of merchants who serve them. Even so, many ambiguities remain when it comes to the practical ramifications of the new law. Only time will tell how the process will shake out.
That said, as a seller who is interested in succeeding in business while providing the safest and most streamlined payment process possible for your valued customers, this revised set of regulations looks to have a very bright future. Consequently, it is vital that you take the time to educate yourself and your staff on the specific PSD2 compliance requirements that you as an “outside” merchant will need to heed. Without a doubt, this will be time well-spent. For more information on how the PSD2 requirements will impact your business or to learn more about the Inovio platform and its suite of robust features, visit www.inoviopay.com or contact a representative directly at 866.267.2246.