
Guide: The most important points from PSD2

PSD2 (Payment Services Directive 2) is a European Union (EU) directive created to set a standard in the industry of online payments across the EU28/EEA.

The directive has been part of each member state’s legislation since the 13th of January 2018. It is an addition to the outdated PSD1 from 2007.

PSD2’s most important measures for merchants are the following:

  1. New Surcharging
  2. Strong Customer Authentication

1. New Surcharging

PSD2 will regulate what types of payment cards used in transactions can be surcharged. There are two distinct cases: consumer cards and business/corporate cards.

Consumer cards: payment cards (e.g. debit or credit) issued to individuals for their own personal needs. The cards are linked to the individuals’ personal bank accounts. The cards are used to purchase consumer goods/services, e.g. food, clothing, gym memberships etc.

Business/corporate cards: payment cards (e.g. debit or credit) that are issued in the name of companies for business-related purchases. The cards are linked to the companies’ bank accounts. The cards are used to purchase business-related goods/services, e.g. buying a company car, hiring a freelancer etc.

1.1. Surcharging B2C transactions will be banned

Merchants will not be allowed to surcharge customers paying with consumer cards in B2C transactions, meaning that the merchant may no longer pass on the fee to its customers.

This measure applies to transactions which take place within an EU28/EEA member state or across its borders, in online or physical (point-of-sale) stores.

Transactions that cannot be surcharged:

1.2. Surcharging B2B transactions will still be permitted

Merchants will continue to be allowed to surcharge customers making payments with business or corporate cards [1] in B2B transactions.

What can I do about surcharging?

Importance of Visa and Mastercard

Despite the banning of surcharging consumer cards, accepting Visa & Mastercard payments across Europe is vital for business growth.

Non-cash payments in Europe increased by 8.5% in 2016.

According to the European Central Bank, in 2016 in Europe, 122 billion transactions were made using non-cash payments. 49%, or 59.6 billion, of these transactions were made using payment cards.

The value of the above transactions was 2.9 trillion euros. A Nilson Report for 2016 found that these transactions were made:

Options to consider

2. Strong Customer Authentication

PSD2 promotes Strong Customer Authentication (SCA) in online payments by making Two-Factor Authentication (2FA) mandatory [2]. However, do not worry: there is a transition period (keep on reading).

Authentication: the process of checking that the customer making a payment in your webshop is the rightful owner of the card used in the transaction.

2FA is performed by asking the person making the purchase to provide two of the following:

NOTE. As a merchant, you do not have to do any programming or special implementation to request the authentication factors in your webshop. Clearhaus collaborates and exchanges information with your gateway and the cardholder’s issuing bank to provide your webshop with 2FA or Multi-Factor Authentication.

The benefits of SCA

Transition period

Although PSD2 became national law on the 13th of January 2018, there is still a transition period at least until September 2019. This means that merchants, issuers and acquirers have the possibility of not applying SCA within the transition period. The final deadline for the SCA measure is not certain yet; we will keep you updated on this issue.

The transition period gives the members of the payment industry time to get used to the Regulatory Technical Standards [3].

Exemptions from the SCA measure

To comply with the SCA measure from PSD2, the best option is to implement 3-D Secure [7] or Apple Pay.

3-D Secure is a security feature developed jointly by Visa and Mastercard, among others, with the purpose of authenticating the cardholder linked to a purchase. 3-D Secure protects your business against fraud. It shifts the liability to the issuing bank.

Apple Pay is a secure mobile payment and digital wallet service. Customers can pay with their phones without having to enter card and personal information every time they want to make a purchase. The information is stored in the Wallet app.

Clearhaus offers support for 3-D Secure and Apple Pay transactions. See our features.

Read the official PSD2 document. We also recommend that you familiarise yourself with the Regulatory Technical Standards.

1 - Consumer cards part of the four-party scheme that are subject to the Interchange Fee Regulation.

The Interchange Fee Regulation is an EU directive which specifies the maximum fees that issuing banks (customers’ banks) can charge for offering services related to card transactions.

In principle, business and corporate cards are not subject to the Interchange Fee Regulation.

2 - 2FA is the minimum security requirement. In some cases, Multi-Factor Authentication may have to be applied.

3 - The Regulatory Technical Standards were developed by the European Banking Authority together with the European Central Bank to discuss the technical aspects of applying PSD2.

4 - The first recurring transaction will need to be authenticated with 2FA or Multi-Factor Authentication. The sum of each consecutive recurring transaction must be the same every billing period in order for the transaction to be exempted from SCA.

5 - Payment transactions initiated on the internet or through a device that can be used for distance communication.

6 - The first time your customers access the balance of their payment accounts, 2FA must be applied. If 90 days have passed since your customers last accessed the balance of their accounts, 2FA will have to be applied again.

7 - SCA requires at least 3-D Secure version 1.0.2 in order to fully comply.
