What is PSD2?
Payment Services Directive 2 (PSD2) is an update to the initial Payment Services Directive (PSD) issued by the European Commission. The original PSD was an EU directive administered by the European Commission to regulate payment services and payment service providers. It was put in place to promote competition, create a level playing field, and enhance protections for customers.
However, the world has changed since the initial PSD. Technology has advanced across the board, including mobile payments and the techniques used by cyber-criminals to breach security protocols. The PSD2 is an effort to update the legislation in a manner that takes into account the current payment method landscape.
The objectives of PSD2 are to increase security, competition, and transparency, combat fraud, promote innovation, and bring greater value to customers. While deadlines vary in some countries, most jurisdictions will be required to be in compliance by December 31, 2020.
What’s Going to Change?
As part of PSD2’s Strong Customer Authentication (SCA) requirement, customers will be required to satisfy two out of three methods of identification. These include:
- A piece of information known only to the user, such as a password, PIN, or signature.
- An object only the user possesses, like a card, mobile phone, or wearable device.
- A biometric requirement, like facial recognition, a fingerprint, or an iris scan.
Which Transactions Are Affected? Which Are Exempt?
Online payments will be affected. If a payment card is saved on a website, that counts as only one method of authentication, and users will be asked to complete an additional step during payment. This will affect the user experience by adding steps to the deposit process.
All transactions within the jurisdiction of the European Commission will be affected by PSD2 and SCA, but there are exceptions. Some transactions are out of the scope of the PSD2.
- “One leg out” transactions: Transactions involving one party which is outside the European Economic Area will be considered out of the scope of the PSD2.
- “MOTO” (mail order telephone order) transactions: There is no need for SCA if the deposit is made over a phone line.
Some transactions that are within the scope of the PSD2 will be exempt from its requirements.
- Low-risk transactions: Transactions that are assessed as low risk will be exempt. This assessment will apply to merchants with sufficiently low fraud rates. The higher the transaction value, the lower the fraud rate must be.
- Low-value transactions: Remote electronic payments under 30 Euro will be exempt. This applies to up to five consecutive transactions.
- Corporate payments: SCA will not be required for B2B payments using a secure channel. Virtual corporate cards are also exempt.
- Transactions involving whitelisted beneficiaries: Companies can whitelist players who are known to be trustworthy.
Alternative Payment Methods (APMs)
Alternative Payment Methods (APMs) will also be required to use Strong Customer Authentication. APMs are any methods of payment that don’t involve major global credit cards like Visa or MasterCard. However, many APMs, like Apple Pay, already have systems in place that incorporate SCA, and those that do not already have two-factor authentication are outside the scope of SCA.
How Will Operators be Affected?
While the new measure will improve authentication and transparency, operators will also face increased processing costs due to the added payment steps. Some major credit cards charge additional costs for authentication. Additionally, drop-out rates could increase as users deal with the friction from the added authentication steps.
Many of the available exemptions will be dependent on fraud rates. Operators and users will face scrutiny regarding their fraud rates if they seek exemptions. Also, operators could face some development work while incorporating SCA, costing them time and money.
How Should Operators React?
While it might cause some growing pains, PSD2 won’t disrupt the industry by any means. Operators should make sure they employ a variety of payment methods, including alternative payment methods, many of which already include two out of the three necessary security checks. In order to provide players with the widest variety of compliant options, operators can use Slotegrator’s Moneygrator protocol to incorporate over 100 payment methods into their online casino.