Introduction to PSD2
PSD2 (Payment Services Directive 2) is a European Union directive that requires Strong Customer Authentication (SCA) for online payments. It applies to businesses processing card payments from customers whose banks are in the European Economic Area (EEA), which makes multi-factor authentication mandatory for most online transactions.
PSD2 builds on the original 2007 Payment Services Directive with three core objectives:
Enhanced security: Mandatory Strong Customer Authentication for online payments
Open banking: Third-party access to customer account data via secure APIs
Consumer protection: Stronger rights and clearer payment information
The revised directive increased innovation by allowing non-banks to participate. This leveled the playing field and improved transparency and security for consumers.
For you, this means one place to access all your bank data and compare fees. You can also review historical data and get more transparent account information.
As of 2025, PSD2 has become a standard part of European payment operations. According to Chargebee's 2025 research, companies that align their payment authentication with customer preferences see better conversion rates and lower involuntary churn.
Who Must Comply with PSD2
PSD2 applies to payment service providers within the European Economic Area (EEA). This includes banks, payment institutions, and e-money institutions. If you operate as one of these entities, you must comply with the directive.
PSD2 Compliance Requirements
The core compliance requirement of PSD2 is Strong Customer Authentication (SCA). SCA is a multi-factor authentication process that verifies a customer's identity before processing an online payment.
SCA requires customers to provide two of three independent authentication factors.
Key exemptions for subscription businesses include:
Recurring payments: After the initial SCA setup, subsequent charges are exempt
Low-value transactions: Transactions under €30, subject to cumulative limits
Trusted merchants: Customer-whitelisted businesses
PSD2 and Open Banking
PSD2 also provides the legal foundation for open banking across Europe. The directive requires banks to provide authorized third-party providers (TPPs) with secure access to customer account data, which TPPs receive through Application Programming Interfaces (APIs).
This requirement allows customers to use third-party applications to manage their finances or initiate payments directly from their bank account. For businesses, it opens up new payment methods and financial service integrations. It fosters competition and innovation in the financial technology sector.
What Does PSD2 Mean for Subscription Businesses?
Strong Customer Authentication (SCA) applies to two transaction types:
Customer-initiated: When customers actively make a purchase (checkout, upgrade)
Merchant-initiated: Recurring charges using saved payment methods (monthly subscriptions, usage billing)
Merchants using a subscription business model have to embed all the SCA flows in their checkout page once the PSD2 regulation goes live. For subscription payments with a fixed amount, merchants need to apply SCA only to the first transaction. If a customer upgrades their plan or adds to it, the subscription amount changes, and the first transaction at the new amount will require 3D Secure verification.
Complying with PSD2 can look especially challenging for subscription businesses that bill customers based on usage, because the amount varies over time. However, since these transactions are flagged as "merchant-initiated transactions", they are exempt from PSD2's SCA requirements.
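The SCA decision rules described above (customer-initiated versus merchant-initiated charges, the first-transaction and amount-change rules for subscriptions, plus the low-value and trusted-merchant exemptions from the compliance section), as an added Python example; it is not Chargebee's code, and the SavedCard fields and the €100 / five-transaction cumulative counters are assumptions drawn from the PSD2 RTS rather than from this page.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

# The €30 per-transaction limit is on the page; the cumulative €100 / 5-transaction
# counters are the PSD2 RTS limits for the low-value exemption (assumed here; the
# issuer keeps the authoritative counters and may decline the exemption anyway).
LOW_VALUE_MAX = 30.0
LOW_VALUE_CUMULATIVE = 100.0
LOW_VALUE_COUNT = 5

class Initiator(Enum):
    CUSTOMER = "customer-initiated"   # checkout, plan upgrade, add-on
    MERCHANT = "merchant-initiated"   # renewal or usage charge on a saved card

@dataclass
class SavedCard:
    """Per-card state a merchant would keep (hypothetical schema)."""
    mandate_authenticated: bool = False      # initial SCA done when the card was saved
    mandate_amount: Optional[float] = None   # fixed recurring amount; None = usage-based
    whitelisted: bool = False                # customer listed merchant as trusted beneficiary
    cumulative_since_sca: float = 0.0        # merchant-side mirror of the issuer's counters
    count_since_sca: int = 0

def sca_required(amount: float, initiator: Initiator, card: SavedCard) -> Tuple[bool, str]:
    """Return (needs_sca, reason) for one charge, following the rules on this page."""
    if initiator is Initiator.MERCHANT:
        if not card.mandate_authenticated:
            return True, "no SCA-authenticated mandate yet: authenticate the first charge"
        if card.mandate_amount is not None and amount != card.mandate_amount:
            return True, "amount differs from the fixed mandate: re-authenticate at the new amount"
        return False, "merchant-initiated under an authenticated mandate: out of SCA scope"
    if card.whitelisted:
        return False, "trusted beneficiary exemption"
    if (amount < LOW_VALUE_MAX
            and card.cumulative_since_sca + amount <= LOW_VALUE_CUMULATIVE
            and card.count_since_sca < LOW_VALUE_COUNT):
        return False, "low-value exemption"
    return True, "customer-initiated charge above exemption thresholds: run 3DS2"

def record_charge(card: SavedCard, amount: float, authenticated: bool) -> None:
    """Update the counters after a charge settles; a successful SCA resets them."""
    if authenticated:
        card.mandate_authenticated = True
        card.cumulative_since_sca, card.count_since_sca = 0.0, 0
    else:
        card.cumulative_since_sca += amount
        card.count_since_sca += 1
```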
Best practices for PSD2 compliance in 2025:
Use 3DS 2.0: Adopt the latest version of the 3D Secure authentication protocol for a better user experience
Apply for exemptions strategically: Reduce customer friction while maintaining compliance
Implement smart retry logic: Automatically retry failed payments with appropriate authentication
Implementing PSD2 for Revenue Growth
Strategic PSD2 implementation can actually improve payment performance. Companies using smart exemption strategies see higher authorization rates while maintaining compliance.
Exemption optimization: Identify qualifying transactions to reduce customer friction
Smart dunning: Automated retry sequences for authentication failures
Customer communication: Clear messaging about new security requirements
Using a smart dunning process helps manage payment failures that may result from authentication issues. Automated retries and clear customer communication can recover revenue that might otherwise be lost. A comprehensive billing platform helps you navigate these complexities, ensuring compliance while minimizing friction and protecting your revenue streams.
