Make sure you’re prepared for the Second Payment Services Directive

We’re ready for Strong Customer Authentication and here to help you upgrade your online checkout.

What is PSD2?

The Second Payment Services Directive (PSD2)

The Second Payment Services Directive (PSD2) is a new European Union regulation which regulates payment services in Europe. Part of PSD2 includes new security requirements which will impact online businesses accepting card payments. Currently, PDS2 regulation will be enforced in the UK, regardless of the outcome of Brexit.

Strong Customer Authentication (SCA)

PSD2 introduces strict security requirements for the initiation of electronic payments in order to reduce the risk of fraud. These requirements include Strong Customer Authentication (SCA), which is an authentication process that validates the identity of the user of a payment service or a payment transaction. The regulation went into effect in the EEA on the 14 September 2019, and will start being enforced this year. Most payments will need at least 2 forms of authentication – or form factors – to process a payment from institutions (banks) that issue credit and debit cards. SCA enforcement will be enforced in Europe by 31 of December 2020, and in the UK by March 2022. So, you’ll need to make sure your systems are up to date.

3-D Secure (3DS)

To ensure that your transactions continue to process successfully when this regulation comes into force, you must ensure you support a PSD2 compliant version of 3D Secure - the card industry authentication protocol that allows card issuers to authenticate their cardholders during checkout.

There are 3 types of form factors:


Knowledge: Something you know such as a password.


Possession: Something you have such as a one-time code generated by a security token or access through a trusted device, such as an SMS.


Inherence: Something that you are and is unique to you, such as a voice or fingerprint.

Card issuers will need to start declining payments that require SCA and are not able to do so via 3D Secure. SCA enforcement is expected to come in gradually, but businesses can expect the first banks to start declining payments without 3D-Secure authentication from September 2020.

What do I need to do?

If you’re an online business accepting payments with PayPal, just select your solution below and we’ll help you become regulation-ready – so you can continue to accept quick, easy and secure payments.

PayPal Pro hosted
PayPal Pro direct

You’ll need to update. Here’s why:

If you’re using PayPal Pro direct to accept card payments on your website, you’ll need to update your payment integration to support the newest version of 3D Secure to meet the card issuer's PSD2 obligations. PSD2 applies to all European Union organisations involved in online payment services – and will still apply to the UK on departure from the EU.

Your customers in non-UK European Economic Area (EEA) countries will require 3DS from December 2020 onwards – so you should take action in 2020 to avoid these customers having their transactions declined. Full enforcement of the legislation will impact your UK customers from 14 September 2021.

Here’s what to do:

To ensure compliance to the regulation, you can easily upgrade to our latest checkout solution, PayPal Checkout. The advanced integration option will allow you to customise the look, feel, and placement of your debit and credit card payment fields—just as you do now with PayPal Pro. PayPal Checkout supports the latest version of 3D Secure with limited additional integration requirements, so you’ll meet Payment Card Industry compliance requirements.

We recommend you do this as soon as possible to comply with PSD2 and SCA requirements and avoid transactions from being declined.

Click here to learn how to get started upgrading to an advanced integration of PayPal Checkout.

3DS installation: technology partner option

If your business website is through a technology partner, it may have a 3DS authentication option you can enable. Please contact your platform or shopping cart provider to discuss their options.


What if my website platform provider is not on the drop-down list above?

Please contact your website provider directly to get an update.

If you continue to browse, we'll use cookies that make our site work, improve performance and customise your experience. If you accept, we'll also use cookies to personalise ads. Manage your cookies