Understanding what PSD2 and SCA mean for your business

What is the Second Payment Services Directive (PSD2)?

PSD2 is an EU regulation that aims to improve the security of customer-initiated card payments by introducing Strong Customer Authentication. 

What is Strong Customer Authentication (SCA)?

SCA requires that a customer is authenticated through at least two independent factors when making a card payment:

• Something the customer knows - e.g a PIN or password
• Something the customer has - e.g a mobile phone or card reader.
• Something the customer is - e.g facial recognition or a fingerprint. 

What types of transactions will be affected?

The regulation applies to most card transactions, with a number of key exceptions:

• Online card payments below €30. Additional security will be required if the customer makes more than five consecutive low value payments or if the cumulative value exceeds €100.
• Contactless face-to-face transactions below €50. The cumulative limit of consecutive transactions is €150 and the number of consecutive transactions is limited to five.
• Mail and telephone orders (MOTO) via a virtual payments gateway 
• Recurring payments such as subscriptions made to the same business for the same amount. Strong Customer Authentication will be required for initial set up. 

What does this mean for my customers?

Your customers will be prompted to provide additional information when making certain card payments. 

The two key payment types affected are face-to-face contactless transactions and online payments exceeding the values above.

For customers making online payments, they'll go through two-factor authentication via their bank. When this happens, they’ll be asked to enter a password or a one-time secure code. 

How does this affect my business?

All businesses accepting face-to-face or online card payments need to comply with SCA by 14th March 2022.

The good news is that businesses accepting face-to-face payments through Dojo are already compliant.