Recent changes in the law with the introduction of the Payments Services Directive 2 (PSD2), has meant we will now need to incorporate 3D Secure into all online payments. For this to occur we will need to add the 3D Secure service to all merchants who process card payments online through our EcomMerchant gateway. This change will be at no extra charge to the merchant and instead will be included in their monthly charges.  The changes will mean a reduction in online fraud and will enable merchants who process online transactions to obtain a liability shift resulting in your acquiring bank underwriting any potential losses you experience through online fraud. It will also mean you avoid ‘non-secure’ fees for ECOM transaction levied by your acquiring bank (typically between 0.5% to 0.85%). This changes does not affect merchants who use our service for MOTO only transactions.

What is PSD2 ?

By now, you should have received contact from your acquiring bank (who supply your Merchant Account) regarding this new directive. Payments Services Directive 2 (PSD2) follows on from Payment Services Directive (PSD), which was imposed by the EU in 2007. This legislation established a single market for EU payments to champion the creation of more secure and advanced payment services. One of the key aims of PSD2 is the introduction of SCA (Strong Customer Authentication).

What is SCA ?

SCA (Secure Customer Authentication) will have a significant impact on how all merchants take card payments online from their customers (purchasers). In order to make an online payment, transactions will need to be processed and authenticated in line with the new Regulatory Technical Standards (RTS). This means that 3D Secure version 2 must be used during the payment process.

What is 3D Secure ?

3D Secure (version 1) has been around for over ten years and is a mechanism set up by the card brands and banks (e.g. Verified by Visa, MasterCard SecureCode, American Express Safekey) to provide additional online security for online transactions. With 3D Secure the card holder will either enrol with their card issuer or be enrolled automatically and any online transactions made will be either authenticated automatically by the card issuer (using risk assessment based on purchase price, transaction history, spending patterns etc) or by password authentication by the cardholder.

The new version of 3D Secure (version 2) is now in operation and has superceded the previous version.  It makes authentication stronger and more secure by imposing a two-factor authentication requirement. This means that it all online payments will require two out of three possible security checks before a payment can be authorised. This new version uses over 100 data points to help determine if a transaction is deemed valid or not. In principle, the authentication would be two out of three of the following:

Something you own (Mobile phone, wearable tech, Smart card/keypad etc)

Something you know (Password, passphrase, PIN, security question etc)

Something you are (Facial recognition, fingerprint, iris scan etc)

Will I automatically be upgraded from 3D Secure version 1 to version 2 ?

Yes, and all merchants have been upgraded during 2022.  Any new merchants will no longer be enrolled for 3D Secure version1 and instead will be automatically enrolled for version 2 if they intend on taking payments online.