The European Commission is adopting the Payment Services Directive 2 (PSD2), which represents a major policy development set to impact the European payments industry by introducing stronger authentication practices.
According to a recent study by the EHI Retail Institute (in German), many online retailers favour strong authentication for security reasons but don't want to see a drop in conversion, and an easy-to-use checkout process still ranks as the most important factor.
With European online trade set to reach €180 billion and grow by almost 20%, the importance of e-commerce is increasing, with more customers preferring to purchase on the web and more online shops being established. Due to this rapid growth, a new payment service directive of the European Banking Authority was published to enhance security for online payments.
In short the new PSD2 aims to:
- Further standardise and streamline processes for online payments across Europe
- Align charging and steering practices across the EU
- Ensure consistent adoption of PSD2 across the EU with clear minimum requirements for member states
- Bring emerging types of payment services within regulation
Until PSD2 takes effect, the EBA has established the “Guidelines on the security of internet payments”, which will be introduced by November 2015.
But what does that mean for online merchants?
- Online merchants who save, use or send sensitive payment data have to cooperate with the acquirers and prosecuting authorities in case of critical IT security issues
- Security requirements for networks, websites, servers and communication services need to be fulfilled
- Online merchants must have solutions that enable the card issuer to perform strong authentication of the card holder when making online payments
The core of the directive is having a strong security measure in place to keep consumers safe online. This could be, for instance, “two-factor authentication”, which protects consumers better by requiring a minimum of two out of three identifiers when paying online:
- a personal password
- the card number
- a biometric characteristic (e.g. fingerprint)
This should provide secure authentication and protect consumers from online fraud. However, many merchants are worried that the checkout process will become longer and more complex.
What does authentication look like?
One already prevalent solution is 3-D Secure (Three-Domain Secure), a security protocol to prevent fraud in online credit and debit card transactions. The solution is offered by the credit schemes and ensures the customer is actually the credit card holder by allowing them to assign a username and password to their card. The main benefit for merchants is that it helps reduce fraudulent transactions and chargebacks.
The card schemes, such as Visa and MasterCard, are already working on solutions that fulfil the new directive but still allow for a quick and easy checkout experience. To stay updated on the latest developments, be sure to follow us on Twitter @PAYMILL.