Are you 3D Secure 2 ready?
3D Secure 2 is on the horizon, and if you are accepting payments inside the EEA then you need to ensure that you have implemented Strong Customer Authentication (SCA) before 31st December 2020 to be compliant.
You may recognise the name SCA, as these requirements were originally meant to come into effect back in September 2019, but the enforcement was eventually delayed. With the new compliance date of 31st December 2020 for any platform accepting payments inside the EEA, it’s important that you act now to implement SCA.
The UK who is currently in the transition period of leaving the EEA have extended the compliance date back to September 14th 2021. Before we go further into what is expected of you, let’s backtrack slightly and give some context.
What is Payment Services Directive 2 (PSD2)
PSD2 is an EU Directive which sets requirements for firms that provide payment services and will affect banks and building societies, payment institutions, e-money institutions and their customers. As well as promoting innovation, PSD2 aims to improve consumer protection, make payments safer and more secure, and drive down the costs of payment services.
What is 3D Secure 2 (3DS2):
3DS2 is a new standard introduced by EMVCo and the major credit card payment providers. It brings a new approach to authentication through a wider range of data, biometric authentication and an improved online experience. This new protocol addresses many of 1.0’s issues while bringing benefits across a wider set of use cases for businesses all over the world.
So how are you affected?
From Jan 1st 2021 the PSD2’s SCA requirements go live in the EEA. Any business with substantial European volume will need to have 3D Secure 2 implemented by this date in order to most effectively meet SCA requirements.
If you are taking card payments online, you will need to have 3D secure enabled. You will also need to make sure that your payment service providers (PSP) will be ready and Live with 3DS2.
In order to support the new 3DS2 process, your payment provider(s) will have been working on adding 3D Secure 2 compliance to their solutions. They must ensure that their eCommerce extensions/plugins are also up to date.
So what should you do?
If you are inside the EEA (e.g. Ireland) then it’s important to start contacting your payment gateway(s) about the upgrade process. These are also known as payment service providers (PSP). You will also need to speak with your acquiring bank (if your PSP doesn’t do this).
If you are based in the UK then it’s still important to start enquiring about the upgrade process. While you have a later compliance date, the sooner it’s done the better.
Most payment gateway providers, such as Global Payments, Adyen, Braintree or Paypal, all have different ways of handling payments. Some will already act as the acquiring bank. So as a result, the upgrade to 3DS2 is different for each gateway and the time it takes to complete the upgrade may vary.
Why should you act now:
Taking payments efficiently online is undeniably one of the most important parts of the eCommerce checkout process. Should you be in the unlikely situation where your payment service provider will not be ready for 3DS2, you will need to assess what to do next. Moving to another payment gateway can take some time to get up and running, and this move may be necessary in order to ensure that you are compliant with this EU Directive.
Hopefully, this has been helpful and has helped to clear up any confusion around what 3DS2 is and how you can comply with it. Here at Monsoon Consulting, we are happy to help you as you aim to get the most out of your eCommerce platform. For more information on how Monsoon Consulting can help your business online, please get in touch with firstname.lastname@example.org or call +353 (0)1 4750066.
All the best,
Team Monsoon :-)