Is your payment and collection process PSD2 ready?
The countdown is on. Businesses processing online payments have until 14th September to comply with the Regulatory Technical Standard (RTS) of PSD2, the revised Payment Services Directive issued by the European Commission for innovation, improvement and internet payment safety. Are you ready?
PSD2 was initially adopted in 2015, and becomes applicable in January 2018. It is an updated version of the original directive aiming to create ‘an efficient market for payment services in Europe’. This updated version builds on the first directive most clearly in areas related to consumer rights – and most clearly of all in terms of delivering enhanced security.
The RTS, that final piece of the directive which comes into force in September, specifies the final security measures which organisations are expected to deploy to be compliant with PSD2. So if your organisation processes payments online – remembering that this applies to businesses across a range of sectors including utilities, leisure, transport and other services, as well as ecommerce businesses – you have until 14th September to implement additional security measures.
Specifically, you have until 14th September to implement strong customer authentication, or SCA, on all remote ecommerce transactions of €30 or more (some transactions under €30 will also require SCA under the cumulative rule). And this isn’t just a ‘nice to have’, or something you can catch up on a week or two later. As of 14th September, you will be technically unable to process payments without SCA. A hard stop is in place, policed by the major payment companies.
So if you want to be able to continue accepting payments online, continue selling your goods or services and continue maintaining good relationships with your customers, you need to implement SCA now.
How to implement SCA?
SCA delivers enhanced authentication for online payments. It requires customers to verify their identity through at least two of the following: a biometric factor; this is something they are such as a fingerprint, voice recognition or facial recognition software, a phone or other piece of hardware; this is something they have, or a PIN, password or security question; which is something that they know.
One of the exceptions is if you process payments via a digital wallet solution, because the wallet essentially counts as a single method of identity verification in itself. This means that you as the business accepting payments only need to implement one additional method of identity verification for those payments. Additionally, regular payments such as those for a subscription service or paying a bill on a regular basis may be fast tracked through to an approved customer list.
Revive Management can enable you to implement PSD2-compliant payment processing for your collections processes smoothly, simply and cost-effectively.
Thanks to our recent partnership with Cybersource, we can now offer digital wallet functionality including Visa Checkout, Apple Pay, Samsung and Google Pay, and we ourselves are compliant with PSD2 so you can make quick and easy requests for payments – and process those payments – seamlessly both before and after 14th September.