PSD2 and Strong Customer Authentication

What you need to know about PSD2 and Strong Customer Authentication.

What you need to know and what it means for merchants that want to implement Amazon Pay

PSD2 is a revision and a replacement of the first Payment Services Directive, regulating all payment services across the European Union (EU) and European Economic Area (EEA). It became effective in January 2018 aiming to create a more open, competitive payments landscape across Europe. The revised directive introduced Strong Customer Authentication (SCA) – a set of new requirements for authenticating online payments that will become mandatory on 14 September 2019.

What does SCA mean for me and my online shop?

As of 14 September, transactions that require SCA but do not meet the authentication criteria may be declined by the buyers’ banks. It is therefore important to ensure that your checkout and all enabled payment methods can handle SCA challenges. Presenting an authentication challenge in your checkout experience equates to an extra step in the flow which leads to friction and may increase cart abandonment. Keeping the amount of authentication requests to a minimum is therefore key to keeping your abandonment rates low.

How does SCA work exactly?

SCA will apply to customer-initiated, online card payments where both, the business and the card holder’s bank are located in the EEA region. This means that it will impact all businesses accepting payments online in the EU and the UK, even after the UK departs from the EU. SCA will require payments to be verified by the customer during checkout using at least two of three possible methods:

  • Something the customer knows - such as a password
  • Something the customer possesses - such as a token or a mobile phone
  • Something the customer is or that is unique to a specific person - such as a fingerprint

The most commonly used mechanism for card payments is 3DSecure. Customers know 3DSecure under the name of “Verified by Visa” or “Mastercard Identity Check”.

Are there exemptions from SCA?

Specific exemptions exist for certain transactions deemed as low risk. Applying these exemptions during checkout will allow card issuers to make accurate decisions whether an SCA challenge is required or not. Reducing the number of verification challenges to a minimum will help you to smoothen your checkout experience and retain high conversion rates.

Amazon Pay’s integral checkout solution has been adapted to handle the entire SCA authentication process. It automatically applies all applicable exceptions for each type of business and transaction.

What is the advantage of using Amazon Pay?

Amazon Pay is part of Amazon, which, as an e-commerce business like you, is also affected by the upcoming authentication requirements. Together with the rest of the business we have worked intensively on developing technology that supports SCA whilst providing a frictionless user experience. Amazon Pay uses the same exceptions and gives your customers access to the same checkout flow available on Amazon’s marketplace. Over that past year Amazon has been in close contact with all credit card issuers and card networks across Europe to understand their approach to SCA, and we have built the latest version of Amazon Pay based on the knowledge and insights we gained from those conversations. If your customers are unwilling or unable to validate their card transactions the Amazon Pay account offers them options to still complete the purchase with alternative payment instruments so you do not lose out on business.

I have already implemented Amazon Pay. How can I upgrade my integration to a version that supports SCA?

We have added SCA capabilities to many of the existing plugins that offer Amazon Pay. Simply visit the PSD2/SCA upgrade page on our website to find step-by-step guides on how you can upgrade your respective solution.