Payment Services Directive 2 (PSD2)
PSD2 requires SCA if ALL of the following apply to you:
- Your business accepts credit or debit cards.
- Your customers purchase your products or services with credit cards issued by banks located within the European Economic Area (EEA).
- Your merchant account or merchant acquirer (bank processing the payment for your merchant) is located within the EEA.
Banks may decline payments if your business fits the criteria above and SCA is not in place. In Ontraport, these declined payments will result in declined sales.
Strong Customer Authentication (SCA)
SCA requires two out of three mandatory authentication measures to be accepted before a payment can be processed. The measures described in the regulatory technical standards are:
- Knowledge: something only the user knows, such as a password or PIN
- Possession: something only the user has, such as a token, code or key
- Inherence: something inherent to the user, such as a fingerprint, biometric or voice
Under PSD2, payment service providers — such as Stripe, PayPal and Authorize.net — must apply SCA for the following types of transactions:
- Every payment over €30
- Transactions under €30 if there have been five or more transactions or charges totaling €100 or more on the same card without SCA
3D Secure authentication
3D Secure authentication comes into play when a payment is submitted. Before the transaction is processed, the card and the payment details are sent to your 3D Secure provider to check if the transaction is at risk of fraud. If fraud or other risks are detected, 3D Secure requires the cardholder to authenticate the payment. Once authentication is provided, the payment will continue processing.
Cost of 3D Secure
The gateway you are using will determine the cost, if any, for 3D Secure.
- Stripe: offers its built-in 3D Secure service for free.
- PayPal Website Payments Pro (UK): offers 3D Secure for free through CardinalCommerce — the service that PayPal uses to provide 3D Secure to its users. To sign up, use this form.
- Authorize.net: requires a set-up fee and recurring transaction fee. Visit this page to get started through CardinalCommerce.
Enable 3D Secure in Ontraport
- Go to → Settings → and locate the 3D Secure option at the bottom of your Stripe, PayPal Website Payments Pro, or Authorize.net gateway.
- Stripe and Stripe Token: Toggle the switch and paste the “Stripe Publishable Key.” It is found in the Developers → API section of the Stripe administration panel.
- PayPal Website Payments Pro: Sign up for the service. Once you are signed up, collect your app ID, API key and org unit ID from CardinalCommerce and add them to your gateway settings.
- Authorize.net: Sign up directly with CardinalCommerce. Once you are signed up, collect your app ID, API key and org unit ID from CardinalCommerce and add them to your gateway settings.
Once you’ve completed your setup, all pending transactions will go to 3D Secure to determine if they are valid and secure before getting approved. If 3D Secure needs more authentication information, it will request what it needs from the buyer in a pop-up. This ensures that banks will not decline payments due to missing SCA, and your customers’ transactions will be protected.
This article’s information was collected through an immense amount of research across many sources, including the actual Payment Services Directive and Regulatory Technical Standards. This information is meant as a reference guide and shouldn’t be considered legal advice. You can use this article as a starting point to help you decide what you should do next. Ontraport cannot be held accountable for any decisions you make based upon the information contained within this article.