PSD2 payment requirements – make sure you're ready

Oct 25 2023 | PayPal Editorial Staff

New overcapture requirements – make sure you're ready
New requirements to improve the security of online card payments are coming soon. If your online store or website is not ready, there’s a risk of customers’ payments being declined by the card issuer.

No-one wants to lose a sale or a customer because their payment couldn’t be processed. To avoid this, you may need to take action.

What should you do? The good news is we have a simple guide that gives you the next steps based on how you currently handle payments.

What is PSD2?
PSD2 stands for the second Payment Services Directive and it applies to card issuers across the European Economic Area. It will still apply to the UK after Brexit. Under PSD2, card issuers (that’s banks like Barclays, HSBC, Lloyds etc.) must apply a stronger method of verification, called Strong Customer Authentication (SCA), when processing payments.

SCA requirements
SCA mandate requires additional authentication and restrictions be applied to electronic transactions involving customers in any PSD2 country. Specifically, new guidance affects transactions where the buyer approves a payment before seeing the final amount due. These transactions, known as “over capture,” can occur when charges for things like taxes or shipping aren’t included in the purchase price at the time the customer approves the payment.

According to the EBA, the requirements are as follows:
The final transaction amount cannot be higher than the authenticated amount: “If the final amount is higher than the amount the payer was made aware of and agreed to when initiating the transaction, the payer’s PSP shall apply SCA to the final amount of the transaction or decline the transaction.”

The final transaction amount may be lower than the authenticated amount: “If the final amount is equal to or lower than the amount agreed in accordance with Article 75(1) of PSD2, the transaction can be executed and there is no need to re-apply SCA, as the authentication code would still be valid in accordance with Article 5(3)(a) of the [RTS].”

What this means for your business
Historically, PayPal allowed businesses to amend order totals during check out in order to add (or remove) service charges like shipping fees or taxes based on the instructions buyers gave to the merchant directly. While the buyer consented to the final amount before completing checkout, this consent did not occur within their PayPal payment approval session. For example, a customer is directed to PayPal during checkout to authorize the payment of their 100.00 EUR purchase. When they return to the merchant site, their total now includes fees for shipping and taxes, increasing the amount to 110.00 EUR.

What to expect
Beginning in April 2022, transactions for PSD2 countries that are processed by PayPal will follow new guidance for over captures. Because taxes, shipping costs, and other fees can depend on the destination address of an order, we’re taking steps to help affected online sellers avoid declined transactions due to over capture.

Our newly developed algorithms will identify which businesses are likely to be impacted and estimate over capture amounts. Buyers who check out with PayPal will be presented with the estimated total, including additional fees, during their PayPal payment approval session. If the grand total exceeds the estimated over capture, the transaction will be declined and the customer will need to return to PayPal to approve the final amount.

Next steps
While you need to be aware of the upcoming changes, there’s no action required on your end. For additional details regarding SCA regulations and how they may affect your business, please visit our SCA mandate information page on the PayPal help center.

The information in these articles does not constitute financial or investment advice of any kind and does not count as a substitute for any professional advice. Always do your own research on top and seek professional advice if you want to ensure that what you do is right for your specific circumstances. Where we link to other websites, we can't be responsible for their content.

The contents of this site are provided for informational purposes only. The information in this article does not constitute legal, financial, IT, business or investment advice of any kind and is not a substitute for any professional advice. You should always obtain independent, professional accounting, financial, IT and legal advice before making any business decision.