What is PSD2?

PSD2 is the Revised Payment Services Directive issued by the European Commission for innovation, improvement and internet payment safety. The first payment services directive, PSD1, was adopted in 2007, to establish the same set of rules on electronic and non-cash payments across the European Economic Area. The revised directive was adopted in 2015, and became applicable in January 2018.

In the Commission’s own words, PSD2 aims to:

Make it easier and safer to use internet payment services;
Better protect consumers against fraud, abuse, and payment problems;
Promote innovative mobile and internet payment services;
Strengthen consumer rights;
Strengthen the role of the European Banking Authority (EBA) to coordinate supervisory authorities and draft technical standards.
In practice, PSD2 aims to both protect European shoppers online as the digital economy expands, and give them more flexibility and choice, particularly around using Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs). Because customers can access their payment accounts online, PSD2 makes it easier for them to manage their finances and make online payments more easily.

What is changing in 2019?

The final deadline for complying with PSD2’s Regulatory Technical Standard (RTS), including delivering enhanced authenticity via strong customer authentication (SCA) is on the 14th of September 2019.

What is strong customer authentication? It requires you to verify your customer’s identity using at least two of the following something they know (like a password or a PIN), something that they have (like a phone or hardware token), or something that they are (like their fingerprint, or face recognition). For online retailers, you will have to implement this for any customer making a purchase worth more than € 30.

What do you need to do?

With the deadline fast approaching, if you do not already have at least two-factor authentication in place across your online retail channels, you need to move quickly.