This fall, new strong authentication rules will come into force. Registered under the European Payment Services Directive (PSD 2), it provides for an upgrade in the 3D Secure authentication protocol to version 2.0, which should be applied by all e-commerce sites by March 2020. How does it work, what is the impact on transactions...we tell all!
PSD 2 and 3D Secure: what are they?
PSD 2's goal is to make online payments more secure and easier to use with new requirements in strong authentication. Another change, the 3D Secure protocol's new 2.0 version will be implemented by consumer banks and no longer left to e-sellers to apply.
In practice, to protect the transaction, the customer must now authenticate in two ways using different, independent factors such as:
- Something the customer knows (for example, a password);
- Something the customer owns (their mobile phone, for example);
- Something inherent to the customer (like a fingerprint).
PSD 2: who is concerned?
These new measures concern all online transactions where the e-seller and the customer are located in the Euro zone.
However, PSD 2 has identified a list of transactions that may be exempted from strong authentication; transactions of less than €30, transactions relating to subscriptions of a fixed amount and for which strong authentication took place the first time, and those where one of the service providers is outside Europe.
PSD 2: what are your obligations?
As a seller, you must ensure that your payment module has been adjusted to comply with the new guidelines and apply this update by September 14, 2019.
You can also find payment modules that have been updated to the new regulations on the Addons Marketplace.
If needed, you can contact our support service or the developer/support for your payment modules.
PSD 2: what impact on conversions?
Remember, these measures only apply to non-subscription transactions over €30. Customers will gradually adapt to double authentication, made easier by new generations of smartphones with facial or fingerprint recognition. To limit any negative impacts on your conversion rate, it seems sensible to offer an effective mobile solution to your customers.
These guidelines can also be an opportunity to review your digital approach and, in particular, the user journey and improve the pre- and post-payment steps.
Meanwhile, banks are working on new, more secure and transparent authentication processes for buyers by collecting a lot of information related to the purchase environment. The process is called frictionless. If the connector (i.e. the module) between a shop and the bank follow the same procedure, the bank will be able to authenticate the buyer without an additional step, and there will be no impact on the purchase process or conversion.
If you have yet to migrate, download PrestaShop 1.7 and give your customers a one-page shopping tunnel.
Receive our alerts:
To be informed of the latest directives that apply to e-commerce sites, subscribe to the PrestaShop newsletter