Payment Services Directive v2 (PSD2) & Strong Customer Authentication (SCA)
This information has been written by Josh Barling, CEO of Sellerdeck, and is information gathered from multiple resources with the intention of providing practical advice to Sellerdeck customers. Sellerdeck cannot be responsible for the way readers use and apply this information.
Due to the number of parties involved in the changes surrounding this subject, it is complex and the detail is changing. The information on this page is a summary and does not go into the full detail. We hope to provide further clarification as more information is made available.
What is the Payment Services Directive v2 (PSD2)?
The Payment Services Directive v2 (PSD2) is a directive that aims to enhance the security of internet payments to reduce fraud.
For eCommerce businesses, the major change in PSD2 is Strong Customer Authentication (SCA), which is a security protocol commonly met by 3D Secure, although other methods are available.
The initial deadline for SCA was 14 September 2019, but the Financial Conduct Authority (FCA) in the UK delayed the enforcement until 14 September 2021. However, SCA will be introduced gradually in the UK from 1 June 2021, so you must have a solution in place by 1 June 2021.
The EU’s deadline for SCA is 1 January 2021 and if you accept payments from cardholders within the European Economic Area (EEA), you should implement SCA by 1 January 2021.
3D Secure is currently the market's preferred method to authorise an online card transaction (digital wallets, such as PayPal and Amazon Pay, have other methods).
The main benefit to you, the merchant, when using 3D Secure is the liability shift, meaning the card issuer (i.e. Visa, Mastercard) will accept liability for chargebacks.
What do I need to do?
Hopefully there is nothing you need to do. However, there may be some minor actions, and we’ll talk you through them:
- If you are only using PayPal and/or Amazon Pay, there are no required actions
- If you currently have 3D Secure enabled on your payment gateway, there are no required actions
- If you do not have 3D Secure enabled on your payment gateway, you need to activate this
- You should place test transactions on all your payment methods so that you experience a similar journey to your customers (each test transaction must be over £35)
Activating 3D Secure
To do this, log in to your payment gateway portal and enable 3D Secure within the security settings. NOTE: Sellerdeck Payments controls 3D Secure within the Desktop Application (details below). However, you may need to speak with your merchant provider first to ensure 3D Secure is enabled (most providers have been automatically activating 3D Secure in preparation for SCA).
Supported and recommended Sellerdeck Desktop payment gateways
Below are the supported and recommended payment gateways with Sellerdeck Desktop and some guidance on them:
Sellerdeck Payments
Sellerdeck Payments currently meets SCA using 3D Secure; however, you must activate this on your website.
To do that, please follow the instructions in the Help files within the section ‘Sellerdeck Payments’ of the Sellerdeck Desktop application.
Sellerdeck Payments and NMI are prepared for 3D Secure v2 and no changes on your website will be required – this will happen automatically if you have 3D Secure enabled. Certifications of 3D Secure v2 are currently in progress with all of our major processors.
PayPal Commerce Platform
NOTE: 3D Secure is not mandatory or enabled for payments using the PayPal Wallet. It is only required and enabled for credit and debit cards paid through PayPal.
Sellerdeck Desktop has 5 different PayPal integrations, of which one is not compatible with 3D Secure (PayPal Website Payments Pro).
The most recent integration and the one which Sellerdeck will continue to invest in is “PayPal Commerce Platform”. We recommend you switch to this integration – https://www.sellerdeck.co.uk/paypal-commerce-platform/
No action is required to enable 3D Secure; it will be automatically enabled in your PayPal integration. For more information and further clarification visit – https://www.paypal.com/hk/webapps/mpp/3dsecure-faqs
- PayPal Commerce Platform
- PayPal Website Payments
- PayPal Express Checkout
- PayPal Website Payments Pro Hosted Solution
- PayPal Website Payments Pro – not compatible with 3D Secure version 2; we strongly recommend you switch to Website Payments Pro Hosted Solution, Express Checkout or Website Payments.
Opayo (formerly Sage Pay)
Sellerdeck Desktop uses the Form integration which is already 3D Secure v1 and v2 compatible. The only action you need to complete is to enable 3D Secure.
To do this, please log in to your Opayo account – https://live.sagepay.com/mysagepay/
For more information please visit – https://www.opayo.co.uk/support/16/3d-secure-v2-what-do-customers-need-to-do
Amazon Pay
Sellerdeck Desktop’s integration with Amazon Pay is described as an “Ecommerce solutions” integration and already has 3D Secure and 3D Secure v2 available out of the box.
There are no actions required.
More information on this can be found here – https://pay.amazon.co.uk/help/JE5KSJW4SFH2UM8
Other Payment Gateways
If you are using one of the many other available payment gateways, then you will need to speak with the provider for further insight into 3D Secure and 3D Secure v2.
Sellerdeck supports and recommends the gateways in the above list. Any payment gateway not on that list is unsupported, meaning that if further development changes are required, they will not be completed.
It’s strongly recommended you use a supported and recommended payment gateway.
Certain transactions will be exempt from SCA to minimise friction in the customer payment journey. These are:
Card transactions below £35 (€50). However, if the customer initiates more than five consecutive low value payments or if the total payments value exceeds €100, SCA will be required.
Recurring payment exemption – e.g. subscription (Merchant Initiated Transactions)
Recurring payments of the same value to the same merchant (such as subscriptions and membership fees) are exempt from SCA, after the initial transaction.
Whitelisting (or trusted beneficiary)
Cardholders will have the option to ‘whitelist’ a merchant they trust. They can request to have the trusted merchant be added to their record with the issuers after the first authentication is completed. Subsequent transactions with the whitelisted merchants are likely to be exempt from future authentication. Issuers can still reject this request if the cardholder is thought to be a high fraud risk.
Mail order / telephone order (MOTO) transactions
These are outside the scope of SCA and therefore no action is required.
Keep an eye on failed payments
There is a lot of uncertainty with this regulation and our recommendation is to look at the volume of historical orders and failed payments. This will give you indications as to whether there is an issue you need to investigate.
Sellerdeck Desktop captures abandoned carts in the tab ‘Pending Payment Service Provider’ under ‘Orders’. If a customer enters full details and the payment fails, the details will be downloaded into this part of the software. A suggestion is to make a note of how many of these abandoned carts you typically get each month and compare that to months after SCA is enforced.
Failed payment information is typically also held in your payment gateway control panel, which is another good place to view details.
Isolating EU countries
The deadline of PSD2 and SCA for the EU (specifically EEA) is 1 January 2021.
If you do not have 3D Secure enabled currently, then you may need to enable this for EU transactions. 3D Secure is either on or off, so if your EU transactions are a smaller percentage of your overall orders, you may not want UK transactions to use 3D Secure just yet (while the dust settles).
If you are happy to take the liability and do not want to increase abandoned carts, we recommend using a payment gateway specifically for EU countries and ideally a digital wallet like PayPal or Amazon Pay.
This is managed under ‘Business Settings’, ‘Payment and Security’, using the ‘Limited by Location’ tick box (use the same EU country list as you have in your VAT settings).
By using this feature you can isolate EU transactions and allow for less friction on UK transactions.
However, you must have 3D Secure enabled for all transactions by 1 June 2021.