What are the Payment Services Directives, strong customer authentication and remembered device?
The Second Payment Services Directive (PSD2)
This is a new EU directive regulating payment services in the European Economic Area. The directive requires new measures that impact how you access your account and pay with PayPal.
Strong Customer Authentication
PSD2 introduces two-factor authentication for online transactions, known as 'Strong Customer Authentication' (SCA). For online transactions in Europe and the UK, this extra security is being introduced to help keep online card purchases more secure and prevent fraud.
What changes will I see when using PayPal?
Most of the time you'll log in or pay with PayPal by entering your email address and your PayPal password as usual. We may sometimes ask you to confirm your identity. The easiest way is via the PayPal App. Make sure you authorize push notifications from the PayPal App. You'll also have the option to enter a one-time passcode, which we will send by SMS to the phone number you've registered with us, or via a phone call if you have a landline.
What do I need to do?
Check that your current telephone (mobile and/or landline) number is correct in your PayPal account Profile. If we need to ask you for a one-time passcode we can send it by SMS to your mobile phone number or via phone call to your landline, so your payment or login won’t be delayed.
For easy authentication, you can also download the PayPal app. If we need to confirm your identity, you can open the PayPal App to provide confirmation.
When will I need to enter this code? Do I need to do it every time I log in or pay?
Most times, we'll be able to verify your identity using the PayPal password you’ve typed and the device you're using (if it’s one of your usual devices). So, you may continue to log in to your PayPal account or pay with PayPal as usual, using your email address and your PayPal password.
Where can I get this additional code? Isn’t it the same as my PayPal password?
No, the one-time passcode isn't the same as your PayPal password. We'll send you a one-time passcode by SMS, a phone call, or certain external apps each time we need a stronger verification of your identity. It’s important that you keep your phone details up to date in your PayPal account Profile to make sure this can work.
What is “Confirm using PayPal app”?
When you choose to "Confirm using PayPal app", we will send a push notification to the mobile phone that you typically use to access PayPal. If the notification doesn’t appear by itself, open the PayPal app on your phone and the verification prompt will appear in the app so you can complete the process.
If that doesn’t work either, click "Try another way" on the web screen and retry, or choose another challenge to complete the authentication process.
I've already enabled 2-step verification on my PayPal account, will I see changes?
2-step verification is authentication that complies with SCA. Hence, you won't see any changes when logging into your account. However, if you decide to disable 2-step verification, please make sure you have an up-to-date phone number in your profile first.
I don’t have a mobile or direct landline number to link to my PayPal account. Is there another way to verify my identity when logging in?
To continue to access your PayPal account in compliance with PSD2 regulations, you'll need to enable the 2-step verification setting from your settings profile page. This setting allows for more SCA-compliant verification options. At this time, 2-step verification offers Mobile and Authenticator App.
What are Authenticator Apps and Security Keys?
An Authenticator App generates a one-time passcode that you use along with your password when you log in. After you download the authenticator app to your phone or desktop, scan the QR code displayed or enter the unique serial key on paypal.com to link it to your PayPal account. Once set up, the authenticator app will provide a one-time passcode that changes periodically.
How do I manage my devices?
You can review your devices or remove any you don’t want us to remember on your PayPal account.
What’s a remembered device?
A remembered device is a personal web or mobile browser, or mobile device used to get into your PayPal account that we remember after we successfully confirm your identity. This makes it easier to log in, pay, and take other actions with your PayPal account because the device works as one of the two factors needed for SCA. There might be instances where we still ask you for another verification to ensure your account is secure.
How does 2-step verification work with remembered devices?
If you have 2-step verification set up, this extra security step will be used each time you log in, even if you do so from a remembered device. Although you’ll still need to go through 2-step verification when you log into your account, using a remembered device can help you save time when doing things like making a payment. There could be some exceptions, depending on how secure your device is.
How can I remove remembered devices?
You can remove remembered devices in your PayPal account settings:
- Go to your settings page.
- Select the Security tab and choose “Manage your logins”.
- Remove the device.
What if my device shows up again after I’ve removed it?
No worries. If you’ve removed your device from the list of remembered devices, it will no longer be used for SCA. It may remain in the list if you’ve used your PayPal account with this device, but we won’t use the device for SCA and will use other authentication factors.