The stated aims of the payment service directive include providing more secure payment services and improving consumer protection. These are both good news for anyone making payments, or transferring money online. Unfortunately fraud is a part of everyday life online and sooner or later, no matter how careful you are, you will be a victim of some kind of fraud. The payment services directive covers consumer rights, ensuring that any payment service must comply with rigorous standards ensuring victims of fraud will be recompensed in a timely fashion.
You have probably seen the current authentication process for online payments that involves you providing random characters from a pre-chosen phrase. You must also realise that this is opt-in. Your bank does not require an online vendor to implement even this basic security precaution.
The payment services directive mandates additional security checks for all online purchases over €30. This is known as strong customer authentication commonly called SCA. I'll dive further into the details of SCA in a future blog post, but suffice to say it will no longer be possible to checkout online using just your payment details, you will also need to prove who you are.
This only applies to purchases or transactions where both the payer and the provider are both in the European Economic Area.
The additional information required is two of the following three pieces of information
PSD2 set the original deadline of the 14th of September 2019 for banks to have fully implemented security for ecommerce transactions using industry standard protection such as the 3d Secure mentioned above.
The banks were not ready, and would not be ready anytime soon, so the deadline was pushed out to March 14th 2021.
Improved security is often a selling point for banks. PSD2 requirement for security will ensure every bank has implemented sufficient security, and protects consumer rights.
In future online payments and purchases will result in far less fraud, but we should still be vigilant. Regulations are not a panacea and there will be financial institutions and startups that just go through a box ticking exercise.