Implement PSD2 SCA for strong and secure transactions

PSD2 is the Revised Payment Services Directive, a set of regulations and laws for payment and relative services in the European Economic Area and Europe Union. The law was passed in the year 2015, but its implementation has been done in stages. It came into effect in the year 2019.

The psd2 strong customer authentication regulation is being implemented vigorously in the year 2022. And it is being brought into force because a lot has happened since PSD was introduced in the year 2007. The latest payment technology and market developments have affected Europe's online payment services.

Online payment fraud in Europe has increased:

European Central Bank has recorded a 66% increase in online payment fraud through cards, and there has been an overall increase in fraud, which has been steadily rising.

API Economy:

There has been a rise in API that is Application Programming Interfaces or APIs that allows various systems to interact with each other. For companies like Google, Amazon, Uber and Braintree, APIs are a mainstay for success. These major conglomerates have supported and created new business models. There has been the rise of Fintechs. APIs provided banks and payment methods to be more open.

New and Unregulated business models:

Digital payments have seen innovation and growth since PSD was established in the year 2015. in the last few years, there have been many new players in Fintech. The new business payment types have not been fully integrated. Laws, rules and regulations were ad-hoc. There were no agreements and terms and conditions that regulated such companies.

The psd2 strong customer authentication regulation provides standard, rules, regulations, and structure that allows companies to access customers' bank accounts.

The goals of psd2 strong customer authentication regulations are:

• An integrated payment system and market that is efficient.
• Improve the and give equal opportunity for all payment service providers and give way for new entrants.
• Payment systems to be safer and more secure
• Protection of customers from frauds.

Psd2 strong customer authentication regulation aims to secure all digital payments and payment modes and expand through the financial ecosystem.

The implementation of PSD2 is an integral part of wider legislation that has a set of regulations and implications for payment providers, banks, all third-party providers and consumers that have far-reaching effects. It has led to changes in various online payments and has affected online sellers and payment providers.

Key changes of psd2 implementation on online retailers and payment providers:

SCA- Strong Customer Authentication

SCA has been the focal point of the key changes that was bought about by PSD2 implementation. A two-factor authentication system of SCA will be used for any online payments to be complete. The earlier system of static passwords and OTP is impasse now.

It is the compulsion that online payments in European Economic Area will follow strong customer authentication to allow any financial transaction to happen online. It is a requirement for European Banking Authority also.

License for Payment Providers:

Registration with European Banking Authority is a must. Any Fintech company or company that wants to provide payment service in European Union will have to apply for a payment license, get it authorized and register with European Banking Authority.

Opens Bank data with third parties

It allows bank data to be open to new players and includes third-party providers.

Impact of PSD2 and SCA:

Enforcement of PSD2 and Strong Customer Authentication is on all payer-initiated online transactions where both card issuer and retailers or acquirer are within the European Economic Area.

Direct Impact:

Enforcement of PSD2 is effective on all payment providers in EEA countries and affects 200 million online shoppers. PSD2 strong customer authorization is implemented in the United Kingdom, too, despite its exit from European Union as it was passed as law before the UK took the exit.

Strong Customer authorization implementation led to a drop in sales overnight as there are extra steps of payments. PSD2 impacts business outside European Union if the company provides payment service in EEA and will have to acquire and pay for a paid license.

Indirect Impact:

The indirect impact will affect all non-EEA businesses with subsidiaries and branches within the EEA.

Consequences of Non-compliance:

If you have been avoiding psd2 strong customer authentication regulations, it is like you are burying your head in the sand, and it will not work. PSD2 is legally enforced, and online businesses must fulfil SCA requirements; otherwise, customer banks will reject payments and not complete transactions because of non-authenticated payments.

Non-compliance will affect payment providers and sellers and the risk of losing the transaction volume and incurring a loss.

There are serious consequences for all payment providers if they are non-compliant. Regulators at the national level can impose fines and have the power to revoke the license of such non-compliant payment providers. And remember, there are no specific fines yet, and fine amounts vary.