Compliance & Security

What is PSD2?

The Second Payment Services Directive is a European regulation that will require online card payments to go through Strong Customer Authentication (SCA) from September 14th, 2019.

Introduction to PSD2

The second edition of the Payment Services Directive (PSD2) is set to bring about a sweeping change in the payments, finance as well as the SaaS world. PSD2 aims at using rapid changes in technology to bring in more competition and innovation to the European market along with strengthened payment security and in turn, consumer protection.

The Second Payment Services Directive (PSD2) is structured around three parts of the first Directive brought in 2007. The areas are — harmonizing consumer protection and rights, policies for third-party payment providers to access account information and enhanced security. With new types of payment services coming up, the European Commission decided to revise the PSD1 regulation. The new payment service providers brought in innovation and competition by bringing in less expensive alternatives for online payments. The problem was that they were not regulated properly.

By including them in the revised edition of PSD meant an increase in innovation with participation from non-banks to level the playground, boost transparency and security for consumers.

For users, this means having a single place to access all their bank data, compare fees charged by the banks, review their historical data, more secure and faster transactions, and more transparency in their account information.

One of the main focus areas of the revised edition of the PSD law is more security for online payments through Strong Customer Authentication (SCA). For consumers, it is an increase in customer rights, faster payments, and clearer information on payments and refund rights.

What Does PSD2 Mean for Subscription Businesses?

Strong Customer Authentication (SCA) will apply to both customer-initiated as well as merchant-initiated transactions. A merchant initiated transaction is a transaction made with a customer’s saved card when they aren’t present.

Merchants using a subscription business model will have to embed all the SCA flows on their checkout page once the PSD2 regulation goes live. For subscription payments with a fixed amount, merchants need to apply SCA only the first transaction. However, if the customer upgrades to a higher plan, or couples add-ons to their plan, their subscription amount changes, which will require 3D secure verification for the first transaction with the changed amount.

Complying with PSD2 can get especially challenging for subscription businesses that bill their customers based on usage because the amount would vary over time. Since these transactions are marked as “merchant-initiated transactions”, they will be exempted from PSD2 and SCA requirements.

Even though a merchant initiated transaction is exempted from PSD2, the first transaction will require 3DS 2 verification and we’d recommend you have it enabled for all transactions so that payments don’t fail.

The Ultimate Guide to Revenue Operations
See how you can drive efficiency into your RevOps with our extensive guide.

Additional Reads

Here are some additional resources for you to get an in-depth understanding of PSD2 and its implications for subscription businesses: