
PSD2: what does the legislation for your E-Commerce mean and what does it involve?

On 14 September 2019, the PSD2 directive on payment services, accepted by the European Parliament in 2018, came into force. Thus was born PSD2, that is, the Payment Service Directive II.

The PSD2 directive concerns the payment process in the European Union.

But what is PSD2? How will e-commerce change?

PSD2 is a new version of the payment services directive that has been in force in the EU since 2007, renewed because the original did not include enough rules for online payments.

The new edition was created to correct some aspects: make payments safer, protect customers and stimulate competition between banks and payment organizations.

The main new feature that PSD2 introduces is that bank customers can authorize third-party companies (AISPs and PISPs) to access their bank account data via API. In this way, companies can make payments on behalf of customers.

To clarify:

  • Payment Initiation Service Providers (PISPs) are payment service providers that offer users who have an online payment account the ability to initiate a payment transaction directly from their account without using a credit card;
  • Account Information Service Providers (AISPs) are payment service providers that offer users who have an online payment account the ability to aggregate their account information into a single tool.

The PSD2 directive aims to protect customers through Strong Customer Authentication (SCA), which is built on three fundamental elements:

  • Knowledge: information available only to the customer, such as a password or a PIN;
  • Property (possession): something that belongs to the customer, such as a credit card or a phone;
  • Existence (inherence): biometric information about the user, such as a fingerprint, facial recognition, etc.

According to the latest changes, at least two of them should be used in a transaction over € 30.

The PSD2 regulation covers banks, payment organizations, companies and customers. Below we consider the changes that affect businesses.

PSD2 and E-Commerce: offering modern and secure payments in your online store helps improve the service for your customers, and thus reduces the negative impact on your e-commerce business.

From 14 September 2019, then, you must provide SCA or 3D Secure 2.0 for all transactions, even if one of the parties is outside the EU.


European banks will reject transactions that do not follow the new authentication. However, there are exceptions for already authenticated beneficiaries. For a transaction of less than € 30, the cumulative value of payments for each user will be counted. As soon as the cumulative value of a user's transactions reaches € 150, the banks will request authentication.
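The low-value exemption described above can be sketched as an issuer-side counter, which shows why splitting a purchase into many small payments does not avoid SCA indefinitely. This is an added example, not code from the article or from any bank or gateway; the thresholds are the ones quoted in this article, while the class name, the reset of the running total after SCA and the handling of exactly € 30 are assumptions.

```python
from decimal import Decimal

# Thresholds as quoted in this article (not taken from the regulation text).
PER_TXN_LIMIT = Decimal("30")      # payments below this may skip SCA
CUMULATIVE_LIMIT = Decimal("150")  # running total that forces SCA


class LowValueExemptionTracker:
    """Hypothetical issuer-side tracker: one running total per payer."""

    def __init__(self):
        self._since_last_sca = {}  # payer id -> total of exempted payments

    def requires_sca(self, payer, amount):
        amount = Decimal(str(amount))
        if amount <= 0:
            raise ValueError("amount must be positive")
        running = self._since_last_sca.get(payer, Decimal("0"))
        # Assumption: exactly EUR 30 is treated as needing SCA (conservative).
        if amount >= PER_TXN_LIMIT or running + amount >= CUMULATIVE_LIMIT:
            # Assumption: a completed SCA resets the payer's running total.
            self._since_last_sca[payer] = Decimal("0")
            return True
        self._since_last_sca[payer] = running + amount
        return False


def replay(payments):
    """Return the SCA decision for each (payer, amount) pair, in order."""
    tracker = LowValueExemptionTracker()
    return [tracker.requires_sca(payer, amount) for payer, amount in payments]


# Constructed sample: "alice" makes six EUR 29 payments, "bob" pays EUR 45,
# then "alice" pays EUR 29 again after her total has been reset.
SAMPLE = [("alice", "29.00")] * 6 + [("bob", "45.00"), ("alice", "29.00")]

if __name__ == "__main__":
    for (payer, amount), sca in zip(SAMPLE, replay(SAMPLE)):
        print(f"{payer:6} {amount:>7} EUR  SCA required: {sca}")
```

The sixth € 29 payment is the one that triggers authentication, because it takes the payer's running total past € 150 even though each payment is under the per-transaction limit.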

Banks will not need authentication if a single payment is less than € 50, and if the cumulative value of recurring transactions is less than € 300 per month. You can find the complete list of exclusions in the 3rd article of PSD2.

Although the PSD2 regulation should protect users, adding the authentication phase to the payment can increase the percentage of abandoned carts. But in the long run, the PSD2 will help make e-commerce safe and reliable and, consequently, attract more buyers.

So what can you do now:

  • Use eWallet payment methods like Apple Pay, Google Pay, PayPal, etc. These payment methods already include two-factor authentication.
  • Mobile optimization. 3DS 2.0 was created for mobile devices. So, if your store is optimized for mobile devices, you won't have any problems with the user experience, because authentication for mobile devices is intuitive and uninterrupted.

3D Secure 1.0 Vs 2.0

You may already be using 3D Secure in your store.

Let's take a closer look at this technology and try to understand the main difference between 3D Secure 1.0 and 3D Secure 2.0. 3D Secure is a special protocol designed to prevent fraudulent activity and provide users with secure online card payments. 3DS uses the three-domain model:

  • Acquirer Domain is your Magento store
  • Issuer Domain is an issuing bank
  • Interoperability Domain is the infrastructure that supports the 3D Secure protocol. Usually, it is a payment gateway

Let's take an example: your customer wants to buy a shirt. They enter the credit card information on the payment page and click the Order button. Then the payment process begins. The merchant requests the 3DS verification from the Payment Gateway. The Payment Gateway sends the request to the bank. The bank provides a verification context and the Payment Gateway requires personal identification. This request is passed on to the buyer, and the popup / redirect page is displayed. Usually an SMS code or a unique password must be entered. This data is sent back to the Payment Gateway, which verifies that the payment is secure. The bank sends a confirmation of payment to the merchant via the Gateway.

After the transaction is made, you get a new order in the admin panel and the customer sees the success page. As you can see, this process is long and has some disadvantages that version 2.0 of this system is designed to solve. The new payment verification method uses context data. In this case, the bank will analyze name and surname, billing addresses, e-mail, etc., and it will only request verification in 5% of high-risk transactions.

Today, mobile devices do not always display 3DS popups correctly, and customers can mistake them for a fraudulent website. The updated technology also tries to address and resolve these problems.

 

Staff BlogInnovazione.Item: Amasty

 
