What will change with the PSD2
A new model of cooperation for merchants, PSPs and banks
With the PSD2, most transactions shall require strong authentication. Nonetheless, the more exchanges there are between banks, PSPs and you, the less impact strong authentication requests will have on your business. Such cooperation is based on the exchange of new data required by 3DS 2.0, as well as applications for exemption.
A new protocol
3DS 2.0
Strong authentication requests for all payments
Possible exemptions
under certain conditions
Seamless procedures for a smooth customer experience
Podcast
10 minutes to understand the challenges of the PSD2 with Guillaume Djourabtchi, CMO of Dalenys and Natixis Payments (in French).
Conditions for successful strong authentication
To be considered ‘successful’, strong authentication must be based on at least 2 of the following 3 criteria:
Knowledge
Information that only the user knows (PIN code, password, etc.)
Possession
Information that only the user has (a card, mobile phone, etc.)
Inherence
User recognition information, biometric identification (fingerprint, iris or voice recognition)
Merchants, your role is changing
Even though strong authentication is to become the norm, the procedure can still be seamless, with validation by issuing banks. Below are our recommendations on how to be proactive in the face of the PSD2, reduce fraud and optimise seamless trade.
1.
Find out the main exemptions to optimise your conversion
2.
Exchange the right data
3.
Develop your risk analysis
4.
Qualify any applications for exemption and submit them to the issuer
Issuer response YES: Seamless procedure
Issuer response NO: Implementation of strong authentication
Develop your risk analysis
The more your applications for exemption result from a thorough, effective real-time risk analysis, the more you will be perceived as a trusted partner by issuers. A reliable risk analysis in accordance with RTS (Regulatory Technical Standards) will subsequently ensure a lower fraud rate and more exemptions.
White paper
Discover Dalenys’ advice on how to reconcile compliance with a smooth customer experience
Focus on the requirements and the methods of cooperation between e-retailers, banks and PSPs for making the PSD2 a success.
20 pages providing an overview of the next migration steps and best practices to be put in place for e-retailers:
- Authentication vs. seamless procedure: the new rules of the game
- Risk analysis and applications for exemption: a virtuous circle
- Issuers, retailers and PSPs: successful cooperation
Download
- Authentication vs. seamless procedure: the new rules of the game
- Risk analysis and applications for exemption: a virtuous circle
- Issuers, retailers and PSPs: successful cooperation
Implementation schedule
A European deadline
The EBA (European Banking Authority) has announced that strong customer authentication (SCA) for e-commerce will come into force as of 31 December 2020. Migration plans have been defined on a country by country basis by each national regulator. These migrations often make use of "soft decline" strategies to gradually reach full RTS compliance (dates subject to change by each regulator).
What is "soft decline"?
This is the process whereby a request for direct authorisation of a transaction without prior authentication is refused by the client’s bank. The payment must be resubmitted with strong authentication.
Migration plans country by country
- 5 October 2020: soft decline for transactions > €2,000
- 15 January 2021: soft decline for transactions > €1,000
- 15 February 2021: soft decline for transactions > €500
- 15 March 2021: soft decline for transactions > €250
- 15 April 2021: soft decline for transactions > €100
- 15 May 2021: soft decline for all transactions
National authority: Banque de France
- 1 June 2021: beginning of the soft decline with gradual increase in load
- September 14, 2021: additional time granted by the EBA for full compliance
National authority: Financial Conduct Authority (FCA)
- January 15, 2021: soft decline of transactions> 250 €
- February 15, 2021: soft decline of transactions> 100 €
- March 15, 2021: soft decline of all transactions
National authority: BaFin
- January 15, 2021: soft decline of transactions> 250 €
- February 15, 2021: soft decline of transactions> 100 €
- March 15, 2021: soft decline of all transactions
National authority: Financial Market Authority (FMA)
- January 1st, 2021 : soft decline of transactions > €250
- February 1st, 2021 : soft decline of transactions > €30
- March 1st, 2021 : soft decline of all transactions
National authority: Banco de Espana
- January 19, 2021 : soft decline of transactions > €1,500
- February 23, 2021 : soft decline of transactions > €500
- March 23, 2021 : soft decline of transactions > €250
- April 19, 2021 : soft decline of transactions > €100
- May 18, 2021 : soft decline of all transactions
National authority: National Bank of Belgium (BNB)
- January 20, 2021 : soft decline for 3DS transactions > €500
- March 1st, 2021 : soft decline for 3DS transactions > €250
- April 1st, 2021 : soft decline for all 3DS transactions
- May 1st, 2021 : soft decline for non 3DS transactions > €250
- June 1st, 2021 : soft decline for non 3DS transactions > €150
- July 1st, 2021 : soft decline for all transactions
National authority: Bank of Irland
- January 1st, 2021 : soft decline of transactions > €1,000
- Febraury 1st, 2021 : soft decline of transactions > €500
- March 1st, 2021 : soft decline of transactions > €100
- April 1st, 2021 : soft decline of all transactions
National authority: CONSOB