PSD2 Introduces New Payments Challenges

Just as the General Data Protection Regulation (GDPR) took Europe by storm in the summer of 2018, a new compliance measure of the second Payment Services Directive (PSD2) is about to similarly impact the security of your online transactions. Core to this legislation is the mandate of stronger security measures for any online transactions through the use of multi-factor authentication. While this will add another layer of security to digital payments and digital commerce, it has far-reaching implications for a wealth of organizations – both in Europe and beyond.

Diving Deeper into PSD2's New Mandate

If you aren’t familiar with Strong Customer Authentication (SCA) now, you will be once the PSD2 requirement goes into effect. SCA is the new directive that mandates that organizations employ multi-factor authentication for online transactions initiated by the consumer (more on transactions below). In simple terms, the consumer must confirm two of three measures to validate the transaction. The three measures are as follows:

  1. Something only the customer knows (e.g. password or PIN).
  2. Something only the customer has (e.g. code generated by mobile phone).
  3. Something only the customer is (e.g. fingerprint or facial recognition).

Come September 14, 2019, if two of these measures are not validated by the customer, transactions may be declined.

Exceptions to the Rule

As mentioned earlier, Strong Customer Authentication is required for “customer-initiated” transactions. Therefore, any online card payments and all bank transfers must go through this validation, with some exceptions. Examples of these exemptions include:

  1. For certain low-risk transactions, determined by the bank or payment provider in real time, SCA is not required. Thresholds are set based on fraud rate (0.13% to exempt transactions below €100; 0.06% to exempt transactions below €250; 0.01% to exempt transactions below €500) and applied to each individual transaction.
  2. Payments below €30 qualify for exemption, but this could change depending on the frequency of these “low-value” transactions.
  3. Recurring payments or automatic bank transfers may require an initial authorization, but subsequent payments will be exempt.
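
The two-of-three rule and the exemptions above can be expressed as a single decision function. The sketch below is an added example, not code from PSD2 or from any payment provider. The function names, the category labels (knowledge, possession, inherence), the low_value_allowed flag standing in for the frequency condition, and the "at or below" reading of the fraud-rate thresholds are assumptions.

```python
from decimal import Decimal

# Fraud-rate ceilings from the list above: (amount limit in EUR, max fraud rate in %).
TRA_BANDS = [
    (Decimal("100"), Decimal("0.13")),
    (Decimal("250"), Decimal("0.06")),
    (Decimal("500"), Decimal("0.01")),
]
LOW_VALUE_LIMIT = Decimal("30")
# Assumed labels for "knows", "has" and "is".
FACTOR_CATEGORIES = {"knowledge", "possession", "inherence"}


def exemption(amount, provider_fraud_rate_pct, recurring_after_first=False,
              low_value_allowed=True):
    """Return the name of the exemption that applies, or None if SCA is required."""
    amount = Decimal(str(amount))
    rate = Decimal(str(provider_fraud_rate_pct))
    if recurring_after_first:
        return "recurring"
    # low_value_allowed is a hypothetical flag: the issuer clears it when the
    # frequency of low-value payments rules the exemption out.
    if amount < LOW_VALUE_LIMIT and low_value_allowed:
        return "low-value"
    for limit, max_rate in TRA_BANDS:
        # The first band whose limit exceeds the amount decides the outcome;
        # larger bands only have stricter ceilings.
        if amount < limit:
            return "low-risk" if rate <= max_rate else None
    return None


def sca_satisfied(presented):
    """presented: iterable of (category, verified) pairs from the login step."""
    # Two checks from the same category (password plus PIN) count once.
    verified = {cat for cat, ok in presented if ok and cat in FACTOR_CATEGORIES}
    return len(verified) >= 2


def decide(amount, provider_fraud_rate_pct, presented, **flags):
    """Return (outcome, reason) for one customer-initiated payment."""
    reason = exemption(amount, provider_fraud_rate_pct, **flags)
    if reason:
        return ("approve", reason)
    if sca_satisfied(presented):
        return ("approve", "sca")
    return ("decline", "sca-missing")
```

The fraud-rate check models only the threshold; the real-time risk assessment the bank or payment provider performs on each transaction is outside this sketch.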

Who’s at Risk?

PSD2 notes that only transactions made by consumers who bank in the EU purchasing from retailers that use EU payment processors are impacted. So which organizations need to be wary of this?

  1. Every European retailer must use SCA.
  2. Every international retailer selling locally in Europe must use SCA.

You now have less than two months to ensure that SCA is incorporated into your business’ digital commerce experience. More importantly, you have less than two months to ensure that SCA becomes a seamless part of the user experience for all users regardless of device, bank, and more. Even if you’re up and running already, achieving the necessary test coverage to deliver a quality experience is an ongoing challenge. Fortunately, Applause can help.

Testing Payments in the Wild

The biggest challenge to payment testing and validating SCA is gaining access to the right testers and devices in the right locations with the required payment methods. Particularly for U.S.-based retailers that sell in the EU, leveraging European testers is a significant challenge – even more so when you need to make real transactions and do so on short notice.

Custom Testing Teams

Applause gives retailers on-demand access to the Applause Community to test the payment flows that they need to validate. Testing teams are not only customizable by demographic, but also by attributes like which banks and devices they use. This allows for a far more localized experience with insight from those who represent your ideal customer profile.

Expanded Device Coverage

With every device providing its own experience and own unique SCA options (biometric support varies by device), having access to any of those options and the extra bandwidth to test a large majority of those options is invaluable. Everyone should experience the same flow without any friction, so the ability to cover a broader device base will make a big difference.

Real-World Testing

You can test your digital experience through simulated environments, but nothing can replicate the value of testing in the real world. Users provide perspective and critical feedback that are irreplaceable to the quality of the end user’s experience. Especially when consumer security and potential fines are at risk, it is imperative to understand exactly how your experience will work in the real world.

Strategic Testing Expertise

You don’t have all of the answers when it comes to SCA testing, but that shouldn’t keep you in the dark. We work closely with your development and payment teams to ensure you are set up for testing success. Everything from assessing your current status to building a comprehensive test plan to recruiting the in-market testers to execute on that plan can all be managed by Applause. When time is of the essence, having a team in place to help navigate your way forward is invaluable.

When it comes to the security of your customers’ money and data, there is no room for error. Ensure you don’t fall short of PSD2 mandates by rethinking your testing strategy. The more thorough you are today, the happier your customers will be tomorrow and beyond.

Jay Selig