The European Banking Authority (EBA) has launched the Payment Service Directive 2 (PSD2). It regulates all banks and financial institutions in the EEA (European Economic Area). In addition, 3D Secure 2 helps to comply with PSD2 and SCA. In this guideline we focus on the latest elements to be enforced: the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2, in relation to credit card schemes for merchant-initiated transactions.
On 14 September 2019, the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and secure communication under PSD2 come into effect.
Entities in the European Economic Area (EEA) that accept online card payments will be affected by Strong Customer Authentication. This regulation applies to transactions where both the entities and the cardholder’s bank are located in the EEA.
Under the SCA regulation, some exemptions can be applied. One of them is to flag transactions as merchant-initiated transactions (MIT). Many use cases require merchants to initiate a payment on behalf of the cardholder when the cardholder is not available to perform the authentication.
These exemptions can only be granted by the merchant's acquirer or issuer. If the issuer or acquirer does not agree with the exemption request, MIT-flagged transactions may be declined. Furthermore, you have to inform the cardholder about MITs made on behalf of the cardholder.
If you have successfully applied for an MIT exemption, please move on with integrating new 3Dv2 supported APIs here.
Advantages of 3D Secure 2 according to the Credit Card schemes:
Support of frictionless flow
No card enrollment during the payment process
Harmonized look and feel
Risk based analysis
Strong customer authentication
Strong support of biometry
Strong support of mobile devices
Supports non-payment customer authentication as for Wallets or Card on File