Guide: The most important points from PSD2

PSD2 (Payment Services Directive 2) is a European Union (EU) directive created to set a standard in the industry of online payments across the EU28/EEA.

The directive has become part of each member state’s legislation from the 13^th of January 2018. It is an addition to the outdated PSD1 from 2007.

PSD2’s most important measures for merchants are the following:

1. New Surcharging
2. Strong Customer Authentication

1. New Surcharging

PSD2 will regulate what types of payment cards used in transactions can be surcharged. There are two distinct cases: consumer cards and business/corporate cards.

Consumer cards- payment cards (e.g. debit/credit etc.) issued to individuals for their own personal needs. The cards are linked to the individuals’ personal bank accounts. The cards are used to purchase consumer goods/services i.e. food, clothing, gym memberships etc.

Business/corporate cards- payment cards (e.g. debit/credit etc.) that are issued in the name of companies for business-related purchases. The cards are linked to the companies’ bank accounts. The cards are used to purchase business-related goods/services i.e. buy a company car, hire a freelancer etc.

1.1. Surcharging B2C transactions will be banned

It will not be allowed for merchants to surcharge customers paying with consumer cards in B2C transactions; meaning that the merchant may no longer pass on the fee to its customers.

This measure applies to transactions which take place within an EU28/EAA member state or across its borders, in online or physical (point-of-sale) stores.

Transactions that cannot be surcharged:

• Payment transactions made with consumer cards¹ (debit/credit) like Visa, Mastercard, Dankort etc.
• Payment transactions made via direct debits or credit transfers in Euros (also known as SEPA payments)

1.2. Surcharging B2B transactions will still be permitted

It will continue to be allowed for merchants to surcharge customers making payments with business or corporate cards¹ in B2B transactions.

What can I do about surcharging?

Importance of Visa and Mastercard

Despite the banning of surcharging consumer cards, accepting Visa & Mastercard payments across Europe is vital for business growth.

Non-cash payments in 2016 have increased by 8.5% in Europe.

According to the European Central Bank, in 2016 in Europe, 122 billion transactions were made using non-cash payments. 49%, or 59.6 billion, of these transactions were made using payment cards.

The value of the above transactions was 2.9 trillion Euros. A Nilson Report on 2016 discovered that these transactions were made:

• 66% with Visa
• 31% with Mastercard
• 3% with AMEX
• <1% other cards

Options to consider

• See where cost savings can be made in your company
• Include the card payment fees in the total price of your products/services

2. Strong Customer Authentication

PSD2 promotes Strong Customer Authentication (SCA) in online payments by making Two-Factor Authentication (2FA) mandatory². However, do not worry, there is a transition period (keep on reading).

Authentication- the process of checking that the customer making a payment in your webshop is the rightful owner of the card used in the transaction.

2FA is performed by asking the person making the purchase to provide either two of the following:

• The “something known” factor (i.e. card details, a static password, PIN etc.)

• The “something owned” factor (i.e. a one-time password (OTP) which is a series of text sent to cardholder’s registered device; an on-screen QR code that needs to be scanned with the registered device, using, for example, the Google Authenticator app etc.)

• The “something inherited” factor (i.e. a biometric feature such as a fingerprint, face or iris pattern, that is linked to the cardholder’s registered device etc.)

The benefits of SCA

• Customers are protected against theft
• You are protected against fraud- potential chargebacks

Transition period

Although PSD2 has become national law on the 13^th of January 2018, there still is a transition period at least until September 2019. This means that merchants, issuers and acquirers have the possibility of not applying SCA within the transition period. The final deadline for the SCA measure is not certain yet, we will keep you updated on this issue.

The transition period is dedicated to the members of the payment industry to get used to the Regulatory Technical Standards³.

Exemptions from the SCA measure

• Recurring transactions (i.e. in the form of memberships, subscriptions etc.)⁴

• Contactless electronic payment transactions at point of sale (POS) but:

  • a single transaction cannot exceed 50 Euros
  • the total amount of transactions cannot exceed 150 Euros or 5 consecutive transactions without authentication

• Remote electronic payment transactions of low value⁵ but:

  • a single transaction cannot exceed 30 Euros
  • the total amount of transactions cannot exceed 100 Euros or 5 consecutive transactions without authentication

• Customers accessing online the balance of their payment accounts linked to your webshop⁶

• Unattended terminals in road transport and parking

• Payments to self (i.e. when the payer and the payee are the same entity with the same account at the acquirer)

To comply with the SCA measure from PSD2, the best option is to implement 3-D Secure⁷ or Apple Pay.

3-D Secure is a security feature developed jointly by Visa and Mastercard, among others, with the purpose of authenticating the cardholder linked to a purchase. 3-D Secure protects your business against fraud. It shifts the liability to the issuing bank.

Apple Pay is a secure mobile payment and digital wallet service. Customers can pay with their phones without having to enter card and personal information every time they want to make a purchase. The information is stored in the Wallet app.

Clearhaus offers support for 3-D Secure and Apple Pay transactions. See our features.

Read the official PSD2 document. We also recommend you to familiarise yourself with the Regulatory Technical Standards.