PSD2 overview

PSD2 is an extensive revision of the Payment Services Directive regulations for the European Economic Area and the United Kingdom. It took effect on:

• March 14, 2022 for the United Kingdom.

• December 31, 2020 for the rest of the European Economic Area.

Objectives

The objectives of the PSD2 legislation include:

• Standardize regulations and integrate the market for payment services in the European Economic Area and the United Kingdom.

• Ensure fair competition and transparency.

• Open payment services ecosystem and reduces bank monopoly on their customer’s data. It will allow third-party service providers to retrieve customers' account data from the bank with account holders' consent.

Scope

PSD2 applies to the online transactions where both the issuing and acquiring banks are located within the European Economic Area and the United Kingdom. See the latest update in this Community post for more information.

Benefits of SCA

SCA can introduce the following direct and potential benefits to your business:

• Reduce the risk of fraudulent transactions.

• Lower the chargeback rate because of the increased authorization approvals.

• Lower the customer churn rate by providing a secure environment with minimal impact on customer experience.

• Increase customers' confidence in online transactions.

SCA exemptions

SCA is made a requirement for all online transactions by PSD2. However, some exemptions are applicable to a given payment attempt, which means end customers may not need to provide additional authentication for their transactions.

Typical exemption use cases include:

Low-risk transactions

After carrying out transaction risk analysis (TRA), the acquirer or issuer decides that the transaction does not need to be challenged. TRA may be applied to transactions up to €500.

Low-value transactions

The exemption applies if the transaction value is less than €30. But the issuer must keep track of the accumulated amount and the number of transactions. The issuing bank must overrule the exemption once a card exceeds a certain threshold.

Recurring payments

The SCA exemption applies to a series of transactions of the same amount made to the same business. SCA will be required for the customer's first payment, and the subsequent charges may be exempted.

Trusted beneficiaries

Cardholders have the option to whitelist merchants as a “trusted beneficiary” when completing authentication for a payment. The issuer or payment service provider will not require strong customer authentication on subsequent payments for the same merchant. This exemption depends on if the issuing bank has adopted the whitelisting feature.

Merchant-initiated transactions

Merchant-initiated transactions (MITs) are the transactions that are initiated using the previously stored card information when the cardholder is not present. Technically, MITs are out of the scope of SCA. However, submitting an MIT is considered to be requesting an SCA exemption in practice. Like other transaction, it is still the bank who should determine whether authentication is needed.

Zuora's support for PSD2

Zuora integrates with different payment gateways and processors, and provides PCI compliant hosted Payment Pages. For more information, see Zuora’s implementation of 3D Secure 2.0 .