How does PSD2 protect you?


The stated aims of the payment service directive include providing more secure payment services and improving consumer protection. These are both good news for anyone making payments, or transferring money online. Unfortunately fraud is a part of everyday life online and sooner or later, no matter how careful you are, you will be a victim of some kind of fraud. The payment services directive covers consumer rights, ensuring that any payment service must comply with rigorous standards ensuring victims of fraud will be recompensed in a timely fashion.

Secure payments

You have probably seen the current authentication process for online payments that involves you providing random characters from a pre-chosen phrase. You must also realise that this is opt-in. Your bank does not require an online vendor to implement even this basic security precaution.

Strong Customer Authentication

The payment services directive mandates additional security checks for all online purchases over €30. This is known as strong customer authentication commonly called SCA. I'll dive further into the details of SCA in a future blog post, but suffice to say it will no longer be possible to checkout online using just your payment details, you will also need to prove who you are.

This only applies to purchases or transactions where both the payer and the provider are both in the European Economic Area.

Two out of three

The additional information required is two of the following three pieces of information

  • something you know : passphrase, or PIN, much like the existing 3d Secure method already in use
  • something you have : your credit/debit card, your phone, a key fob provided by your bank
  • something you are : biometrics

Initial PSD2 deadline for mandatory ecommerce security

PSD2 set the original deadline of the 14th of September 2019 for banks to have fully implemented security for ecommerce transactions using industry standard protection such as the 3d Secure mentioned above.

New deadline

The banks were not ready, and would not be ready anytime soon, so the deadline was pushed out to March 14th 2021.

Better consumer protection

Improved security is often a selling point for banks. PSD2 requirement for security will ensure every bank has implemented sufficient security, and protects consumer rights.

In future online payments and purchases will result in far less fraud, but we should still be vigilant. Regulations are not a panacea and there will be financial institutions and startups that just go through a box ticking exercise.