Revised Payment Services Directive (PSD2) and Strong Customer Authentication (SCA) for Shopify merchants

If you’re selling in the European Economic Area (EEA), you may have heard about the revised Payment Services Directive (PSD2). It’s a regulatory requirement intended to increase protection against fraud for online purchases, and will have some impact on businesses in the EEA.

Strong Customer Authentication (SCA) requirements officially take effect on 14 September 2019 with enforcement being phased and fragmented across Europe.

What is the revised Payment Services Directive (PSD2)?

The revised Payments Services Directive (PSD2) regulates the payments industry in the European Union. One of the major updates is stronger protection for customers who shop online using their debit and credit cards, which protects you too.

To comply with these new regulations, you’ll need to make sure you have Strong Customer Authentication (SCA) for payments you accept from European buyers to help mitigate card-not-present fraud.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication is similar to what many people refer to as two-factor authentication: if a customer is buying online using their debit or credit card, SCA may require them to use two forms of authentication. As an example, instead of just entering their PIN or password, Strong Customer Authentication would prompt a customer to enter a code generated on their banking app as a second step. This makes it harder for fraudulent transactions to get through.
Customers are asked to enter this information only when it’s required through a technology known as 3D Secure—an extra layer of security that customers have to enter during checkout to authenticate themselves. Your customers will see the 3D Secure indicator start to show up on orders after PSD2 comes into effect.

What does PSD2 mean for Shopify merchants?

If you’re using Shopify Payments in Germany, Ireland, the Netherlands, Spain or the United Kingdom, you don’t need to do anything. You’ll be compliant in time for the September 14th, 2019 deadline automatically.

If you’re using Stripe in Austria, Belgium, Denmark, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Latvia, Lithuania, Luxemburg, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, or the UK, you’ll also be fully compliant with PSD2 before the deadline and be able to offer SCA without any changes.

We encourage all merchants on third-party gateways to adopt Shopify Payments or Stripe to make processing payments an effortless experience, even when it comes to compliance.

By the way, you will start seeing orders that have used SCA for payment processing within your Shopify orders page. Orders paid with debit or credit cards will have the 3D Secure logo (3DS) noted beside the order timeline and will be defaulted to low risk. There is no action required for you within the orders page for these transactions.