The Revised Payment Services Directive (PSD2) requires Strong Customer Authentication (SCA) for online payments made by European customers. Strong Customer Authentication means that a payment must be authenticated by two out of three things: something you know, like a password, something you own, like your phone, and something you are, like a fingerprint.
PSD2 was originally scheduled for implementation on 14 September, 2019, but the deadline was extended by 18 months. SCA is now expected to be fully enforced by 31 December 2020 for most European cards, and by 14 March 2021 for UK cards. Banks already decline some non-authenticated payments.
This page is not a comprehensive guide to PSD2 and SCA. You can find many more detailed guides on the web. This page shows the readiness status of the various payment gateways used by Payage.
For payment solutions where the user is redirected to a payment page on the payment gateway site (a hosted payment page), the payment gateway can upgrade the payment page to fully deal with the requirements of PSD2 and SCA without any involvement on the part of the merchant. This applies to many of our gateways.
For solutions where the user remains on your site and pays in a popup window, the situation is more complicated. Now, the payment gateway must engage in additional dialogues with the customer, on a non-PCI compliant site. Stripe decided not to upgrade their popup solution and instead introduced a new solution using a hosted payment page. Here's what we know about the gateways we support:
|PayPal has has lots of information about PSD2 and SCA. While the integration used by Payage, "Website Payments Standard", is not mentioned specifically, we believe that the information provided implies that the online checkout page will be upgraded as required.|
|Stripe Checkout is a hosted payment page solution that is fully PSD2 compliant. Stripe has has lots of information about PSD2 and SCA.|
|The original integration used by Payage, Stripe Checkout - Legacy Version is NOT PSD2 compliant, and this Payage gateway is deprecated. If you use this gateway you must upgrade to the "Stripe Checkout" gateway. Upgrading is easy. Please download the latest Payage user guide for more details|
|As detailed here, Authorize.net does not support PSD2. Their recommendation is for merchants to migrate to CyberSource. However, as detailed here, CyberSource's small business platform is Authorize.Net. There appears to be no solution.|
|Barclaycard has lots of information about PSD2 and SCA. We haven't found anything specific about the integration used by Payage, "Barclaycard ePDQ Essential", but since it is a hosted payment page, we assume that the payment page logic has been or will be upgraded.|
|Mollie has information about PSD2 here. The payment pages are now fully PSD2 compliant.|
|SagePay has committed to upgrading their gateway to support PSD2 "in a way that minimises the changes our customers need to make".|
|WorldPay has removed its earlier information about PSD2 and SCA. We assume that the HTML Redirect integration is compliant but we have not been able to find any explicit confirmation.|
|WorldPay has removed its earlier information about PSD2 and SCA. We assume that the WorldPay Online integration is compliant but we have not been able to find any explicit confirmation.|
|We don't think that payments with Bitcoin are affected by PSD2.|
|Manual payments by cash, cheque, or bank transfer are not affected by PSD2.|