[intro]When you have completed this Guide, you’ll understand what PSD2 is, how it works, what it involves and what you need to do as an EKM online shop owner.[/intro]
What is PSD2?
The EU’s second revision of the Payment Services Directive (PSD2) is a set of changes that regulates electronic payments throughout the EU. These new security requirements will impact online shops accepting card payments.
What does it do?
Basically, PSD2 enables you, as a customer or a business, to use third-party platforms - such as Facebook or Google, for example - when managing your finances. The whole point of this legislation is to make consumer banking data available - with the consumer’s permission of course - to third parties. This is done using an API, allowing third party developers to create the functionality for platforms to accept card payments without using traditional banking networks.
Is PSD2 secure?
Yes - with API access, the legislation also involves the implementation of strict security requirements to reduce the risk of fraud. Most payments will need at least two forms of authentication to process a payment from your bank account.
What kind of authentication is needed?
Examples of authentication includes passwords, a one-time security token sent to a device such as your tablet, and fingerprints.
When does it come into effect?
Card Issuers have started implementing PSD2 from April 2019, but it does not become compulsory until 19th September 2019.
What is EKM doing to prepare?
We’re already in the process of checking all of the Payment Gateways that integrate with the EKM online shop platform to ensure that are all compliant with PSD2 legislation in time for September.
As an EKM online shop customer, what do I need to do?
At the moment, all you need to do is save this page in your browser’s bookmarks and check back regularly. We’ll be updating it on a regular basis as we approach September 2019.
19th August 2019 - The Financial Conduct Authority (FCA) have agreed an 18 month extension to implement Strong Customer Authentication (SCA) after the European Banking Authority expressed that more time was required to ensure that the relevant parties were prepared. The FCA will not take enforcement action against parties that don't meet the requirements for SCA after 19th September 2019 where the parties can provide evidence that they at least have begun to set up the process to comply. At the end of this 18 month extension period, it is expected that all parties will have implemented the relevant changes to be SCA compliant.