We’re ready for Strong Customer Authentication and here to help you upgrade your online checkout.
The Second Payment Services Directive (PSD2) is a new European Union regulation which regulates payment services in Europe. Part of PSD2 includes new security requirements which will impact online businesses accepting card payments. Currently, PDS2 regulation will be enforced in the UK, regardless of the outcome of Brexit.
PSD2 introduces strict security requirements for the initiation of electronic payments in order to reduce the risk of fraud. These requirements include Strong Customer Authentication (SCA), which is an authentication process that validates the identity of the user of a payment service or a payment transaction. The regulation went into effect in the EEA on the 14 September 2019, and will start being enforced this year. Most payments will need at least 2 forms of authentication – or form factors – to process a payment from institutions (banks) that issue credit and debit cards. SCA enforcement will be enforced in Europe by 31 of December 2020, and in the UK by March 2022. So, you’ll need to make sure your systems are up to date.
To ensure that your transactions continue to process successfully when this regulation comes into force, you must ensure you support a PSD2 compliant version of 3D Secure - the card industry authentication protocol that allows card issuers to authenticate their cardholders during checkout.
Knowledge: Something you know such as a password.
Possession: Something you have such as a one-time code generated by a security token or access through a trusted device, such as an SMS.
Inherence: Something that you are and is unique to you, such as a voice or fingerprint.
Card issuers will need to start declining payments that require SCA and are not able to do so via 3D Secure. SCA enforcement is expected to come in gradually, but businesses can expect the first banks to start declining payments without 3D-Secure authentication from September 2020.
If you’re an online business accepting payments with PayPal, just select your solution below and we’ll help you become regulation-ready – so you can continue to accept quick, easy and secure payments.
If you’re using PayPal Pro direct to accept card payments on your website, you’ll need to update your payment integration to support the newest version of 3D Secure to meet the card issuer's PSD2 obligations. PSD2 applies to all European Union organisations involved in online payment services – and will still apply to the UK on departure from the EU.
Your customers in non-UK European Economic Area (EEA) countries will require 3DS from December 2020 onwards – so you should take action in 2020 to avoid these customers having their transactions declined. Full enforcement of the legislation will impact your UK customers from 14 September 2021.
To ensure compliance to the regulation, you can easily upgrade to our latest checkout solution, PayPal Checkout. The advanced integration option will allow you to customise the look, feel, and placement of your debit and credit card payment fields—just as you do now with PayPal Pro. PayPal Checkout supports the latest version of 3D Secure with limited additional integration requirements, so you’ll meet Payment Card Industry compliance requirements.
We recommend you do this as soon as possible to comply with PSD2 and SCA requirements and avoid transactions from being declined.
Click here to learn how to get started upgrading to an advanced integration of PayPal Checkout.
What if my website platform provider is not on the drop-down list above?
Please contact your website provider directly to get an update.
Want to know more about PSD2?
When is Strong Customer Authentication required?
Exemptions to Strong Customer Authentication
What happens if an exemption fails?
Want to know more about SCA?