What is happening?
From 14th September 2019 an update to the EU’s Payment Services Directive (known as PSD2) will change requirements for many online payments for customers in the European Economic Area (EEA).
From this date, Strong Customer Authentication (SCA) will be required for online payments between businesses based in the EEA and customers based in the EEA.
SCA requires two or more of the following elements to authenticate someone who tries to make a payment online:
- knowledge (something only the user knows, like a password);
- possession (something only the user possesses, like a phone); and/or
- inherence (something the user is, like a fingerprint).
Based on the credit card billing address of the business and the customers, the payment provider will determine whether SCA is necessary for the transaction and it will happen automatically.
What do you need to do?
If you buy anything on-line you may already have noticed an increase in two-factor authentication of the payments you make. This will become the norm.
If you collect payments on-line e.g. with an on-line shop or selling services such as training, you need to ensure that your credit card payment software and integration with your website is up to date and PSD2 compliant. In most cases this will be managed by the payment services provider but it will depend on you having the latest version of plug-ins or integration on your website. For example:
- Thinkific e-learning portal: PSD2 will be entirely managed by Thinkific, there is nothing you need to do.
- Stripe payments through a WordPress website: you probably have a WP plugin such as WP Simple Pay. This plugin will need to be upgraded on your website. If you don’t, your payment system may decline customer payments through your website after 14th September 2019.
If you are not sure, now is the time to check with your payment provider or portal.
There’s always something, isn’t there?