Introduction
The Payment Services Directive 2 (PSD2) is a directive from the European Commission that requires Strong Customer Authentication (SCA) to be applied for all electronic commerce (eCommerce) transactions.
- It will affect all businesses based or serving customers in the European Economic Area (EEA) that accept card payments.
- These laws introduce security measures called two-factor authentication to keep customers safer when making payment transactions online. This is an industry-wide change.
- Businesses must upgrade their payments infrastructure to support two-factor authentication. This provides all parties involved in the eco-system with enhanced data, leading to better quality authorisation decisions.
- Elavon’s SCA solutions use the latest technology to enable real time risk analysis that can create a frictionless experience for your customers.
- The increased levels of security and control will directly benefit customers and increasing their trust and confidence while shopping online.
From 2017 to the end of 2018 losses through card fraud in the UK increased by 19% – costing businesses around 760 million euros.[i]
[i] https://www.statista.com/statistics/911873/value-of-losses-to-card-fraud-in-europe-by-country/
Strong Customer Authentication
Strong Customer Authentication (SCA) means that banks must confirm the cardholder as being the genuine owner of the payment card before they approve the transaction.
To prove that they are the genuine owner of the card, cardholders must provide at least two out of three possible authentication factors to their bank when requested.
Authentication factors
These can include any combination of two of the following:

Knowledge – this refers to something only the cardholder and their bank knows.
A passcode or memorable information is already the industry method used to satisfy this requirement.

Possession – this is something the cardholder has which is recognised by their bank.
A key fob or phone automatically satisfy this requirement.

Inherence – this is something unique to the cardholder and verifiable by their bank.
A fingerprint, facial and voice recognition, or an iris scan are examples of factors that will increase in use and availability over time as the technology evolves and matures.

Engage with your payment gateways
to implement the latest version EMV 3D Secure
Implementation period
The European Banking Authority recognised the complexity and challenges of implementing this directive within the payments environment and has extended its original deadline. The new deadline for eCommerce compliance is 31 December 2020 in Europe.
In the UK, the Financial Conduct Authority has granted some flexibility until 31 March 2021.
The additional time is needed to ensure that all stakeholders in the ecosystem; banks, acquirers, gateway providers and merchants are able to equip themselves with the relevant tools to fully implement PSD2. They must deliver on time and minimise impact to consumers.
Merchants should take full advantage of the migration period. You must continue to work with your solution providers and vendors to ensure that the industry standard EMV 3D Secure protocols are in place, to enable two-factor authentication of your customers by their banks.
EMV 3D Secure
EMV 3D Secure is the standard protocol for SCA when accepting payments over the internet. It helps to reduce fraud and cart abandonment, whilst seamlessly supplementing existing data with additional information.
Upgrading to the latest version will allow you more flexibility as the merchant. As well as providing the traditional shift in liability expected when applying EMV 3D Secure.
EMV 3D Secure |
2.1 |
2.2 |
---|---|---|
SCA for connected devices and web purchase |
X |
X |
Non-payment authentication scenarios, such as payment card on-boarding to merchant apps |
X |
X |
Provides for all available SCA exemption types |
|
X |
Europe specific scenarios in support of PSD2, such as trusted beneficiary and delegated authentication |
|
X |
Biometric consumer user experience |
|
X |
Get ready to start authenticating with the latest available version of the EMV 3D Secure framework. Commence planning with your payment gateway provider to migrate to the latest version EMV 3D Secure as it becomes widely available during 2020.
These upgrades will enable you to benefit from the maximum possible range of exemption types as they are released into the marketplace.
Benefits of upgrading to the latest version of EMV 3D Secure
- Increased cardholder confidence when transacting with your business
- Reduced fraud and chargebacks – liability protection
- Prevention of unauthenticated transaction declines
- Improved risk based decisions leading to higher approval rates
- Full support for all available exemption types and payment device types

Liability shift
Once you commence using EMV 3D Secure for authentication (provided that the liability shift date for your region is in effect) there is minimal risk of chargeback to your business.
Activation dates for liability shift are variable based on network and geographical region. Check with your gateway provider on the dates for your region.
How it Works

What does this mean for your customers?
- A customer wants to make an online purchase using their desktop, laptop, mobile phone, or other digital device and goes to your checkout page.
- To complete the transaction, they can choose their verification method or follow their issuer’s chosen method.
- They simply need to follow the instructions to complete their purchase.
What does it mean for you as a merchant?
The new rules mean that most online transactions will require enhanced SCA to be performed, unlike today where you can choose whether to apply SCA or not.
We recommend that you apply the latest version of EMV 3D Secure as soon as possible.
Action: Engage with your payment gateways to implement the latest version EMV 3D Secure

The new deadline for eCommerce compliance in the EU is 31 December 2020.
How can Elavon help?
Elavon has a reputation of technical capability and robust business practices. We have a strong geographic footprint and excel with technical integrations and compliance. We continue to work with scheme and issuers to ensure PSD2 compliance. PSD2 offers a number of opportunities for Elavon to excite and amaze our customers with our payments expertise and consultancy services.
Rely on us to support you through this period of change with world class solutions and guidance.
Speak to your Relationship Manager for more details.
We make it possible. You make it happen.
[1] https://www.statista.com/statistics/911873/value-of-losses-to-card-fraud-in-europe-by-country/
Download your PSD2 Practical Impact Guide for eCommerce