Payments Services Directive v2 (PSD2) & Strong Customer Authentication (SCA)
This information has been written by Josh Barling, CEO of Sellerdeck, and is information gathered from multiple sources with the intention of providing practical advice to Sellerdeck customers. Sellerdeck cannot be responsible for the way readers use and apply this information.
The information on this page is a summary of the key points.
What is the Payments Services Directive v2 (PSD2)?
The Payments Services Directive v2 (PSD2) is a directive that aims to enhance the security of internet payments to reduce fraud.
For Ecommerce businesses, the major change in PSD2 is Strong Customer Authentication (SCA), which is a security protocol commonly met by 3D Secure, although other methods are available.
3D Secure is currently the markets preferred method to authorise an online card transaction (digital wallets, such as PayPal and Amazon Pay, have other methods).
The main benefit to you the merchant when using 3D Secure is the liability shift, meaning the card issuer (i.e. Visa, Mastercard) will accept liability for charge backs on fraudulent transactions.
From 15 October 2022 3D Secure v1 will be retired and replaced with 3D Secure v2. You must be using 3D Secure v2 by 15 October 2022 or you will see payment declines
What do I need to do?
Hopefully there is nothing you need to do, however there may be some actions which we’ll talk you through:
- If you’re using PayPal (excluding: PayPal Website Payments Pro) or Amazon Pay, there are no actions required
- If you’re using Sellerdeck Payments by Opayo, there are no actions required
- If you’re using Sellerdeck Payments by NMI please read the below section
- If you’re using Opayo (formerly SagePay), there are no actions required
- If you use a payment gateway that is unsupported, then we recommend you switch to a supported payment gateway to avoid payment declines
Sellerdeck Desktop payment gateways
Below are payment gateways with Sellerdeck Desktop and information on 3D Secure v2:
SellerdeckPay powered by ClearAccept
SellerdeckPay powered by ClearAccept is compatible with 3D Secure v2 and the existing Sellerdeck Desktop integration.
Sellerdeck Payments powered by Opayo
Sellerdeck Payments powered by Opayo is compatible with 3D Secure v2 and the existing Sellerdeck Desktop integration.
For further information on 3D Secure and to configure your fraud rules, please visit Opayo’s Fraud Prevention Guide. You can access Opayo’s online portal to make changes. Your login details were sent to you when you first registered.
Sellerdeck Payments powered by NMI
Sellerdeck Payments powered by NMI is compatible with 3D Secure v2 and the existing Sellerdeck Desktop integration.
However, if you accept American Express you must apply a script change for 3D Secure v2 to work. This script change will be added within v18.2.1 and future versions. For instructions to apply the script change to your current version please visit our Knowledge Base article.
PayPal Commerce Platform
NOTE: 3D Secure is not mandatory or enabled for payments using the PayPal Wallet. It is only required and enabled for credit and debit cards paid through PayPal.
Sellerdeck Desktop has 5 different PayPal integrations, of which one is not compatible with 3D Secure (PayPal Website Payments Pro). All other integrations are compatible with 3D Secure v2 and the existing Sellerdeck Desktop integration.
The most recent integration and the one which Sellerdeck will continue to invest in is “PayPal Commerce Platform”. We recommend you switch to this integration.
There is no action required to enable 3D Secure, this will be automatically enabled in your PayPal integration. For more information and further clarification visit PayPal’s FAQ page
PayPal integrations Compatible with 3D Secure v2:
- PayPal Commerce Platform – (in Sellerdeck Desktop this is called either ‘PayPal’ or ‘PayPal (cards))
- PayPal Website Payments – (same name in in Sellerdeck Desktop)
- PayPal Express Checkout – (same name in in Sellerdeck Desktop)
- PayPal Website Payments Pro Hosted Solution – (same name in in Sellerdeck Desktop)
PayPal integrations NOT Compatible with 3D Secure v2:
PayPal Website Payments Pro – (same name in in Sellerdeck Desktop) – is not compatible with 3D Secure version 2.
Opayo (formerly Sage Pay)
Opayo (formerly SagePay) is compatible with 3D Secure v2 and the existing Sellerdeck Desktop integration.
Amazon Pay is compatible with 3D Secure v2 and the existing Sellerdeck Desktop integration.
Other Payment Gateways
If you are using one of the many other available payment gateways, then you will need to speak with the provider for further insight into 3D Secure v2.
Any payment gateway not on Sellerdeck’s supported and recommended payment gateway list is unsupported, meaning that if further development changes are required they will not be completed and our support team will not be able to provide support.
It’s strongly recommended you use a supported and recommended payment gateway.
Certain transactions will be exempt from SCA to minimise friction in the customer payment journey. These are:
Card transactions below £35 (€50). However, if the customer initiates more than five consecutive low value payments or if the total payments value exceeds €100, SCA will be required.
Recurring payment exemption – e.g. subscription (Merchant Initiated Transactions)
Recurring payments of the same value to the same merchant (such as subscriptions and membership fees) are exempt from SCA, after the initial transaction.
Whitelisting (or trusted beneficiary)
Cardholders will have the option to ‘whitelist’ a merchant they trust. They can request to have the trusted merchant be added to their record with the issuers after the first authentication is completed. Subsequent transactions with the whitelisted merchants are likely to be exempt from future authentication. Issuers can still reject this request if the cardholder is thought to be a high fraud risk.
Mail order / telephone order (MOTO) transactions
These are outside the scope of SCA and therefore there is no action.
Keep an eye on failed payments
There is a lot of uncertainty with this regulation and our recommendation is to look at the volume of historical orders and failed payments. This will give you indications as to whether there is an issue you need to investigate.
Sellerdeck Desktop captures abandon carts in the tab ‘Pending Payment Service Provider’ under ‘Orders’. If a customer enters full details and the payment fails, the details will be downloaded into this part of the software. A suggestion is to make a note of how many of these abandon carts you typically get each month and compare that to months after SCA is enforced.
There is typically failed payments information held in your payment gateway control panel, this is also a good place to view details.