Les Arbres Web Solutions

The Revised Payment Services Directive (PSD2) requires Strong Customer Authentication (SCA) for online payments made by European customers. Strong Customer Authentication means that a payment must be authenticated by two out of three things: something you know, like a password, something you own, like your phone, and something you are, like a fingerprint.

PSD2 was originally scheduled for implementation on 14 September, 2019, but the deadline was extended by 18 months. SCA is now expected to be fully enforced by 31 December 2020 for most European cards, and by 14 March 2021 for UK cards. Banks already decline some non-authenticated payments.

This page is not a comprehensive guide to PSD2 and SCA. You can find many more detailed guides on the web. This page shows the readiness status of the various payment gateways used by Payage.

For payment solutions where the user is redirected to a payment page on the payment gateway site (a hosted payment page), the payment gateway can upgrade the payment page to fully deal with the requirements of PSD2 and SCA without any involvement on the part of the merchant. This applies to many of our gateways.

For solutions where the user remains on your site and pays in a popup window, the situation is more complicated. Now, the payment gateway must engage in additional dialogues with the customer, on a non-PCI compliant site. Stripe decided not to upgrade their popup solution and instead introduced a new solution using a hosted payment page. Here's what we know about the gateways we support:


PayPal has has lots of information about PSD2 and SCA. While the integration used by Payage, "Website Payments Standard", is not mentioned specifically, we believe that the information provided implies that the online checkout page will be upgraded as required.

New Checkout
Stripe New Checkout is a hosted payment page solution that is fully PSD2 compliant. Stripe has has lots of information about PSD2 and SCA.

Legacy Checkout
The original integration used by Payage, Stripe Checkout is NOT PSD2 compliant, and this Payage gateway is deprecated. If you use this gateway you must upgrade to the "Stripe New Checkout" gateway. Upgrading is easy. Please download the latest Payage user guide for more details
As detailed here, Authorize.net does not support PSD2. Their recommendation is for merchants to migrate to CyberSource. However, as detailed here, CyberSource's small business platform is Authorize.Net. We cannot find a PSD2 compliant small business solution for this gateway.
Barclaycard has lots of information about PSD2 and SCA. We haven't found anything specific about the integration used by Payage, "Barclaycard ePDQ Essential", but since it is a hosted payment page, we assume that the payment page will be upgraded.
Mollie has information about PSD2 here. The payment pages are now fully PSD2 compliant.
SagePay has committed to upgrading their gateway to support PSD2 "in a way that minimises the changes our customers need to make".

Redirect
WorldPay has lots of information about PSD2 and SCA, but we can't find any information specifically about the HTML Redirect integration. Magento have deprecated this gateway due it being out-dated and possibly insecure. We continue to search for information.

Online
WorldPay has lots of information about PSD2 and SCA, but we can't find any information specifically about the WorldPay Online integration.
We don't think that payments with Bitcoin are affected by PSD2.
As far as we know, manually managed payments by cash, cheque, or bank transfer are not affected by PSD2.