The Revised Payment Services Directive (PSD2) will require Strong Customer Authentication (SCA) for many online payments made by European customers. Strong Customer Authentication means that a payment must be authenticated by two out of three things: something you know, like a password, something you own, like your phone, and something you are, like a fingerprint.
PSD2 was originally scheduled for implementation on 14 September, 2019, but the deadline was extended by 18 months. SCA is now expected to be fully enforced by 31 December 2020 for most European cards, and by 14 March 2021 for UK cards. Banks may start declining some non-authenticated payments starting in March 2020.
This page is not a comprehensive guide to PSD2 and SCA. You can find many more detailed guides on the web. This page shows the readiness status of the various payment gateways used by Payage. If you have any information that would be useful here, please contact us.
For payment solutions where the user is redirected to a payment page on the payment gateway site (a hosted payment page), the payment gateway can upgrade the payment page to fully deal with the requirements of PSD2 and SCA without any involvement on the part of the merchant. This applies to PayPal and most of our other gateways.
For solutions where the user remains on your site and pays in a popup window, the situation is more complicated. Now, the payment gateway must engage in additional dialogues with the customer, on a non-PCI compliant site. Stripe have decided not to upgrade their popup solution and instead have introduced a new solution using a hosted payment page. Authorize.Net have also stated that they will not support PSD2 and will migrate accounts to CyberSource instead. We still do not know the status of the WorldPay Online gateway and will continue to search for information about it.
|PayPal has has lots of information about PSD2 and SCA. While the integration used by Payage, "Website Payments Standard", is not mentioned specifically, we believe that the information provided implies that the online checkout page will be upgraded as required.|
|Stripe has has lots of information about PSD2 and SCA. The original integration used by Payage, Stripe Checkout is NOT PSD2 compliant. If you use Payage with Stripe in Europe you must upgrade to the "Stripe New Checkout" gateway addon.|
|Stripe New Checkout is a hosted payment page solution that is fully PSD2 compliant. Upgrading is easy. Please download the latest Payage user guide for more details.|
|As detailed here, Authorize.net will not be supporting PSD2. Their recommendation is for merchants to migrate to CyberSource. However, as detailed here, CyberSource's small business platform is Authorize.Net. We cannot find a PSD2 compliant small business solution for this gateway.|
|Barclaycard has lots of information about PSD2 and SCA. We haven't found anything specific about the integration used by Payage, "Barclaycard ePDQ Essential", but since it is a hosted payment page, we assume that the payment page will be upgraded.|
|Mollie has information about PSD2 here. The payment pages are now fully PSD2 compliant.|
|SagePay has committed to upgrading their gateway to support PSD2 "in a way that minimises the changes our customers need to make".|
|WorldPay has lots of information about PSD2 and SCA. There is no information specifically about the HTML Redirect Integration but since it is a hosted payment page, we assume that the payment page will be upgraded.|
|We have not found any information about the PSD2 compliance of the WorldPay Online integration which is a "popup" form, not a hosted payment page.|
|We don't think that payments with Bitcoin are affected by PSD2.|
|As far as we know, manually managed payments by cash, cheque, or bank transfer are not affected by PSD2.|