
Ravelin Insights

PSD2 and strong customer authentication

The ultimate guide to PSD2, 3D Secure, strong customer authentication, risk analysis and managing exemptions

Contents

  • What is PSD2?
  • Key changes for online sellers and payment providers
  • How and where will SCA have an impact?
  • What are the consequences for non-compliance?
  • Strong customer authentication explained
  • Exemptions to strong customer authentication
  • Real-time risk analysis technique
  • Fraud rate limits for payment providers
  • The online seller’s wish list for payment providers under PSD2
  • Strong customer authentication with 3D Secure
  • How much does 3DS really impact online payments?
  • Why have 3D Secure acceptance rates improved?
  • How 3D Secure 2 is different
  • Potential issues with 3D Secure 2
  • What is authentication enrichment and why should you do it?
  • How is the AReq message sent?
  • What new data can issuers receive under 3DS2?
  • Why enriching the AReq builds trust with the issuer


What is PSD2?

The Revised Payment Services Directive (PSD2) is a set of laws and regulations for payment services in the European Union (EU) and the European Economic Area (EEA). It’s been around for a while - it was passed in 2015 - but the most important aspects for online payments come into effect in stages from 2019 all the way through to 2022.

Why is it necessary?

A lot has happened since PSD1 was passed in 2007. Apple have released 18 versions of the iPhone, scientists have cloned human cells... and Europe’s online payments have been rocked by market developments. Read more detail on the background here and read on for a summary of the major trends...

Increasing online payment fraud in Europe

The European Central Bank (ECB) recorded a 66% increase in card not present fraud (online payment fraud) between 2011 and 2016, which was the main reason fraud overall increased by 35%. Online fraud now makes up 73% of fraud in Europe and this is steadily rising.

The rise of the API economy

Application Programming Interfaces (APIs) allow different systems to talk to each other. APIs are fundamental to the success of companies like Amazon, Google, Uber, Stripe, Braintree etc. and they’ve supported the creation of whole new business models, including fintechs. APIs will provide the means for banking and payments to become more open.

Unregulated new business models

Since PSD1 there has been growth and innovation in the digital payments market with a whole host of new fintech players. So far, these new business types have not been fully regulated and agreements have been somewhat ad-hoc. PSD2 will provide standards and structure and allow these new companies to access customer bank accounts.

The goals of PSD2

  • Make the European payments market more integrated and efficient
  • Improve the level playing field for payment service providers (including new players)
  • Make payments safer and more secure
  • Protect consumers from fraud

PSD2 is part of wider legislation which has a whole range of implications for banks, payment providers, third party providers and consumers. There is more detail on the far-reaching effects in this podcast. On this page we’ll focus on the changes to online payments and how they will affect online sellers and payment providers.

PSD2 aims to secure digital payments and expand the financial ecosystem

Key changes for online sellers and payment providers

Strong customer authentication

Most online payments in the EEA will require strong customer authentication. This means two-factor authentication which meets the European Banking Authority (EBA) requirements - we’ll come back to this later.

Payment provider licensing

Any company providing payment services in the EU will require a payment license and be authorised and registered by the EBA.

Opens bank data to third parties

Opening up of bank data to make room for new players, including two new kinds of third party providers (TPPs):

How and where will SCA have an impact?

Under PSD2, strong customer authentication is required on all payer-initiated transactions when both the card issuer and acquirer are within the EEA. If only one of the two is within the EEA, SCA is not required - so a business based in the US with a US bank would not be required to enforce strong authentication. This type of transaction is called 'one leg out'.

Map of global payment flows