PSD2
This article previously contained information regarding 3-D Secure v2. This information has been moved to a new article.
PSD2
PSD2 is an EU directive that specifies mandatory requirements and guidelines for online payments.
In short, PSD2 should help increase the security of online payments by making Strong Customer Authentication (eg 3-D Secure) required for the vast majority of transactions.
Slightly simplified - as there are a lot of exceptions and additions - there must be SCA on the following payments as required by PSD2;
- Payments above 30 euros (approx. DKK 225)
- Creation of Subscriptions (but not subsequent recurring payments)
- Creation of Saved Cards
- Subsequent withdrawals on a “Saved Card” if the cardholder is present. For example by “1-click payments”, where the card information is saved by the shop, to make the checkout flow easier.
For subsequent withdrawals from “Saved Cards” where the cardholder is NOT present, SCA will not be required. This could for instance be used when automatically recharging a mobile phone subscription, where the withdrawals aren’t scheduled.
Subscriptions
All subscriptions must be created with SCA and thus 3-D Secure.
For subsequent withdrawals, no SCA will be required.
Subscriptions created before PSD2 takes effect will not be affected.
Saved Cards
Creation of Saved Cards must be completed with SCA and thus 3-D Secure.
However, for subsequent withdrawals from Saved Cards, it gets a little more complicated;
Cardholder is not present - Subsequent withdrawals from Saved Cards where cardholder is NOT present. It could, for example, be an automatic recharging of a travel card or BroBizz where automatic payments are made, but where the withdrawals are not scheduled and it therefore isn’t a subscription.
In this case subsequent withdrawals will take place as it currently does, ie. the cardholder does not need to take any further action after the card initially is saved with SCA.
Cardholder is present - However, subsequent withdrawals, where the cardholder is present, will require the cardholder to go through 3-D Secure again.
This could for example be when a shop stores the customer’s card information, so that the customer does not have to enter them for subsequent purchases. After implementation of PSD2, this will still require the cardholder to be sent through the 3-D Secure flow.
This will initially not be supported by Quickpay. The advantage of storing cards in the store is significantly reduced when the cardholder still has to go through 3-D Secure, and it is therefore not initially a priority to support this flow.
Until it is supported again, it is recommended to stop using Saved Cards for this scenario. And instead, send the customer through a regular payment each time.
