What is PSD2?

Sydney VaccaroIndustry TrendsLeave a Comment

What is PSD2?
Even merchants that are not directly affected by PSD2 should still pay attention to the changes in the payment ecosystem. The changes happening in the EU may be leading the way for others to follow.

PSD2 is the second iteration of the Payment Services Directive. PSD2 was created by the European Union to regulate payment services through a single integrated market. Overall, PSD2 establishes a framework for banks and non-banks to exchange payment information making a secure environment. While some of the PSD2 changes started in January of 2018, the final phase of the directive when into place September 14, 2019. In this post, we will go through the details of PSD2 and what changes it brought for merchants.

What Changes Come from PSD2?

PSD2 applies to any payment that passes through the EU. This could mean that the payment starts, stops, or goes through any part of the EU economic area. So, what did PSD2 change for merchants?

The Bank's Solo Control on Cardholder Data Will End

Before PSD2, banks held complete control of customer transaction data. The change will allow customers to give third-party providers access to their data. The difference in data access will mean that financial institutions will face more competition. For example, a messaging app could allow the customer to pay bills straight from their bank account. Which pushes banks to innovate to match that customer experience.

Stronger Identity Checks

The last deadline for PSD2 was for Strong Customer Authentication (SCA) which came into effect on September 14, 2019. SCA requires merchants to get more significant authentication on online transactions to prevent fraud.

SCA requires that merchants have two of the following three verifications:

  • Something the cardholder knows (a password or PIN)
  • Something the cardholder has (a phone or card)
  • Something the cardholder is (a fingerprint or facial recognition)

There are a few exceptions for SCA:

  • Low-value transactions of €30 or less
  • Recurring transactions
  • Low-risk transactions which are determined through a real-time risk analysis
  • Trusted beneficiaries where the customer has indicated that they trust the merchant for future purchases

Other Smaller Changes

The main changes that PSD2 brought were better identity checks and the transaction data being released. Other changes may not be as impactful for merchants. Some of the changes are:

  • Better reporting of incidents such as customer complaints or fraud
  • Restrictions on surcharging
  • Requiring transparency for terms and conditions

How Does PSD2 Benefit Merchants?

For merchants, PSD2 may seem like it is just extra work on their side to comply with regulations while adding extra friction at check out. But merchants will receive the benefits of direct access to funds, minimized fraud, insights into customer data, and more.

The requirement of SCA puts merchants in a great position to prevent true fraud, without diminishing the customer experience. Ecommerce merchants historically have an issue with security at checkout. Too much protection meant a lot of friction and possibly the loss of sales. Too little security meant merchants received true fraud disputes and fraud loss. Now with the requirement of SCA, EU citizens will be accustomed to having a high level of protection at checkout because every merchant will have the same level of security.

While merchants may still receive friendly fraud and chargeback fraud disputes, SCA will minimize the loss that comes from true fraud disputes.

How do Merchants Comply with PSD2?

The changes being made by PSD2 will change the payment landscape, and merchants need to stay up to date on all requirements. Banks, payment services, and card networks have all been working on solutions to comply with PSD2. The most accessible way for merchants to comply with PSD2 is to talk to their payment providers.

For example, Stripe offers that "payments products will optimize for different regulatory, bank, and card network rules and apply relevant exemptions for low-risk payments to only trigger 3D Secure when required. And as these rules change, we'll be able to maintain and update this SCA logic in real-time."

Make sure that your current providers have you covered for these changes.


Even merchants that are not directly affected by PSD2 should still pay attention to the changes in the payment ecosystem. The changes happening in the EU may be leading the way for others to follow.

Leave a Reply

Your email address will not be published. Required fields are marked *