If you’re a merchant who’s acquired in the EEA and the UK, and if you’re an issuer of cards in this area, then PSD2 and SCA probably applies to you. The enforcement date for PSD2 SCA was December 31, 2020, which means you need a 3-D Secure solution in your checkout to protect your shopping cart. If you are in the UK, the deadline to comply is September 14, 2021.
Let’s start with the basics. What are PSD2 and SCA?
PSD2, the Second Payment Services Directive, was established to benefit consumers by driving payment innovation and data security. It mandates new security processes, reduces competition, and encourages standardized technology.
SCA, or Strong Customer Authentication, is a major component of PSD2 for digital transactions. SCA requirements mean that digital transactions need strong two-factor authentication (2FA), with at least two of these three criteria:
- Something only the customer HAS, for possession
- Something only the customer KNOWS, for knowledge
- Something only the customer IS, for inherence
For issuers, this likely means having a biometric solution. This means that when SCA is necessary, a consumer would validate themselves with a fingerprint or facial recognition, for example, through their mobile device. Another option would be a one-time-passcode and the answer to a knowledge-based question the consumer previously shared with their issuer.
The goal of PSD2 SCA is to reduce fraud, and make sure all electronic payments in the European Economic Area, or EEA, are being validated. It’s a mandate that’s meant to keep consumers safe. For most EEA countries, the deadline for merchants and issuers to comply was December 31, 2020. The UK’s deadline is September 14, 2021.
What does this mean for your shopping cart?
PSD2 will have a significant impact on your e-commerce shopping carts if you do not have a solution in place.
- Merchants must support a two-factor authentication solution to successfully process payments – this will have a direct impact on a merchant’s ability to accept online payments.
- In order to accept payments, an SCA solution is required to be built into checkout flows for transactions in the EEA.
There’s a lot to consider – including the different ways your online payments are being processed.
- To process online payments, your shopping cart, gateway, and plug-in must support the criteria for PSD2 SCA.
- If your system doesn’t support the requirements for SCA, you’ll need to find a solution that does.
How do I solve for PSD2 SCA?
Connect your shopping cart to an EMV® 3DS solution – the industry standard for meeting SCA requirements.
- EMV 3DS has two-factor authentication capabilities built into its technologies and simplifies the payment authentication process for you and your customers.
- There’s ten times more data exchanged with EMV 3DS than the original 3DS 1.0 protocol, so every transaction has greater dimension and context for better risk decisions.
- Works behind the scenes the majority of the time and on any device.
- It helps reduce false declines as well as fraud while helping increase good orders and delivering a better shopping experience.
Merchants can easily support EMV 3DS in their shopping cart using Cardinal’s 3-D Secure plug-in solution available on PrestaShop’s Addon Marketplace.
For over two decades we’ve been bringing new merchants, issuers, and shoppers together in an experience where everybody wins. As a global leader in authenticating digital transactions, our 3-D Secure solution helps to fulfill SCA requirements and supports all major card networks: Visa, Mastercard, American Express, Discover, JCB, ELO, and more.
PSD2 SCA may sound complicated, but it doesn’t have to be. We’ve got you covered. Learn more about our module on the PrestaShop Addons Marketplace.
For most countries in Europe, PSD2 SCA has been enforced since the beginning of the year. The enforcement date for the UK is September 14, 2021. So, the time to act is now. Don’t run the risk of potentially losing sales. Let us do the heavy-lifting for you so you can concentrate on what’s important to you – your business.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC