PSD2, 3D Secure, 3DS2: Strong authentication - Dalenys
You are currently visiting Dalenys website in englishGo to french version
What will change with the PSD2

A new model of cooperation for merchants, PSPs and banks

With the PSD2, most transactions shall require strong authentication. Nonetheless, the more exchanges there are between banks, PSPs and you, the less impact strong authentication requests will have on your business. Such cooperation is based on the exchange of new data required by 3DS 2.0, as well as applications for exemption.

A new protocol
3DS 2.0

Strong authentication requests for all payments

Possible exemptions
under certain conditions

Seamless procedures for a smooth customer experience


10 minutes to understand the challenges of the PSD2 with Guillaume Djourabtchi, CMO of Dalenys and Natixis Payments (in French).

Conditions for successful strong authentication

To be considered ‘successful’, strong authentication must be based on at least 2 of the following 3 criteria:


Information that only the user knows (PIN code, password, etc.)


Information that only the user has (a card, mobile phone, etc.)


User recognition information, biometric identification (fingerprint, iris or voice recognition)

Merchants, your role is changing

Even though strong authentication is to become the norm, the procedure can still be seamless, with validation by issuing banks. Below are our recommendations on how to be proactive in the face of the PSD2, reduce fraud and optimise seamless trade.
Find out the main exemptions to optimise your conversion
Exchange the right data
Develop your risk analysis
Qualify any applications for exemption and submit them to the issuer

Issuer response YES: Seamless procedure

Issuer response NO: Implementation of strong authentication

Develop your risk analysis

The more your applications for exemption result from a thorough, effective real-time risk analysis, the more you will be perceived as a trusted partner by issuers. A reliable risk analysis in accordance with RTS (Regulatory Technical Standards) will subsequently ensure a lower fraud rate and more exemptions.
White paper

Discover Dalenys’ advice on how to reconcile compliance with a smooth customer experience

Focus on the requirements and the methods of cooperation between e-retailers, banks and PSPs for making the PSD2 a success.

20 pages providing an overview of the next migration steps and best practices to be put in place for e-retailers:

- Authentication vs. seamless procedure: the new rules of the game
- Risk analysis and applications for exemption: a virtuous circle
- Issuers, retailers and PSPs: successful cooperation

Implementation schedule

A European deadline

The EBA (European Banking Authority) has announced that strong customer authentication (SCA) for e-commerce will come into force as of 31 December 2020. Migration plans have been defined on a country by country basis by each national regulator. These migrations often make use of "soft decline" strategies to gradually reach full RTS compliance (dates subject to change by each regulator).

What is "soft decline"?

This is the process whereby a request for direct authorisation of a transaction without prior authentication is refused by the client’s bank. The payment must be resubmitted with strong authentication.

Migration plans country by country

  • 1 October 2020: soft decline for transactions > €2,000
  • January 2021: soft decline for transactions > €1,000
  • February 2021: soft decline for transactions > €500
  • April 2021: soft decline for all transactions

National authority: Banque de France

  • 1 June 2021: beginning of the soft decline with gradual increase in load
  • September 14, 2021: additional time granted by the EBA for full compliance

National authority: Financial Conduct Authority (FCA)

  • January 15, 2021: soft decline of transactions> 250 €
  • February 15, 2021: soft decline of transactions> 100 €
  • March 15, 2021: soft decline of all transactions

National authority: BaFin

  • Should follow the approach of the German regulator

National authority: Financial Market Authority (FMA)

  • January 1, 2021: full compliance, no gradual ramp-up planned

National authority: Banco de Espana

  • August 25, 2020: soft decline of transactions> € 1,500
  • September 22, 2020: soft decline of transactions> 250 €
  • October 19, 2020: soft decline of transactions> 30 €
  • November 17, 2020: soft decline of transactions> 0 €
  • Temporary exemption for the travel and hotel industries until November 17

National authority: National Bank of Belgium (BNB)

  • October 6, 2020: soft decline of transactions> 250 €
  • November 17, 2020: soft decline of transactions> 30 € (test)

National authority: Dutch Banking Association (NVB)

  • January 1, 2021: full compliance, no gradual ramp-up planned

National authority: Bank of Irland

Would you like to learn more about the tools for seamless e-commerce?