Payments is a key part of the shopping experience no matter where and what you’re selling, but it’s especially important online where trust and security are top of mind.
If you’re selling in the European Economic Area (EEA), you may have heard about the revised Payment Services Directive (PSD2). It’s a regulatory requirement intended to increase protection against fraud for online purchases, and will have some impact on businesses in the EEA.
However, it’s our job to help you navigate these complexities of selling so that you can focus on running and growing your business. Here’s an overview of what’s happening, and what it means for you.
What is the revised Payment Services Directive (PSD2)?
The revised Payments Services Directive (PSD2) regulates the payments industry in the European Union. One of the major updates that comes into effect this year is stronger protection for customers who shop online using their debit and credit cards, which protects you too: fewer fraudulent charges is good for everyone.
To comply with these new regulations, you’ll need to make sure you have Strong Customer Authentication (SCA) for payments you accept from European buyers to help mitigate card-not-present fraud.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication is similar to what many people refer to as two-factor authentication: if a customer is buying online using their debit or credit card, SCA may require them to use two forms of authentication. As an example, instead of just entering their PIN or password, Strong Customer Authentication would prompt a customer to enter a code generated on their banking app as a second step. This makes it harder for fraudulent transactions to get through.
Customers are asked to enter this information only when it’s required through a technology known as 3D Secure—an extra layer of security that customers have to enter during checkout to authenticate themselves. Your customers will see the 3D Secure indicator start to show up on orders after PSD2 comes into effect.
What does PSD2 mean for Shopify merchants?
If you’re using Shopify Payments in Germany, Ireland, the Netherlands, Spain or the United Kingdom, you don’t need to do anything. You’ll be compliant in time for the September 14th, 2019 deadline automatically.
If you’re using Stripe in Austria, Belgium, Denmark, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Latvia, Lithuania, Luxemburg, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, or the UK, you’ll also be fully compliant with PSD2 before the deadline and be able to offer SCA without any changes.
We encourage all merchants on third-party gateways to adopt Shopify Payments or Stripe to make processing payments an effortless experience, even when it comes to compliance.