Payment Services Directive 2 takes effect on September 14. It was accepted by the European Parliament in 2018. This directive affects the payment process in the European Union. Today we will explain what PSD2 is and how it will change e-commerce and the Magento world.
What is PSD2?
PSD2 is a new version of the Payment Services Directive, which has been in force in the EU since 2007. The old directive doesn’t include enough rules for online payments. The new edition will correct this: it is meant to make online payments safer, protect customers, and stimulate competition among banks and payment organizations.
The main change is that PSD2 allows bank customers to give third-party companies (AISP and PISP) access to their bank account data via API. And these companies can make payments on behalf of customers.
Also, PSD2 will protect customers via Strong Customer Authentication (SCA):
- Knowledge - the information that is available only for a customer, such as a password or PIN code;
- Property - something that belongs to a client, for example, credit card or phone;
- Existence - some biometric info about a user like a fingerprint, facial recognition, etc.
According to the latest changes, at least two of them should be used in a transaction over €30.
PSD2 regulation affects banks, payment organizations, businesses, and customers. Below we consider the changes that affect businesses.
PSD2 and e-commerce
You need to be prepared to offer your buyers modern and safe payments to minimize the negative impact on your e-commerce business.
You should use SCA or 3D Secure 2.0 for all your transactions even if one of the parties is outside the EU. But there are exceptions:
- Beneficiaries are already authenticated;
- A transaction is under €30;
- Recurring transactions.
You can find the full list of exclusions in the 3rd article of PSD2.
Although the PSD2 regulation should protect users, the additional payment step can increase the percentage of abandoned carts. But in the long run, PSD2 will help to make e-commerce secure and reliable and, as a result, attract more potential buyers.
What you can do right now:
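The two-of-three factor rule and the three exceptions listed above can be checked at checkout as follows. This is an added example, not code from the article, Magento, or any payment gateway; the `Transaction` shape, the factor names, and the reason strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed mapping of authenticators to the article's three categories.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "card": "property", "phone": "property",
    "fingerprint": "existence", "face": "existence",
}
SCA_THRESHOLD_EUR = Decimal("30")  # threshold stated in the article


@dataclass
class Transaction:  # hypothetical shape, not a Magento or gateway type
    amount_eur: Decimal
    recurring: bool = False
    beneficiary_authenticated: bool = False
    factors: list = field(default_factory=list)


def sca_required(tx):
    """False when one of the three exceptions listed in the article applies."""
    if tx.beneficiary_authenticated or tx.recurring:
        return False
    return tx.amount_eur >= SCA_THRESHOLD_EUR  # only amounts under 30 are exempt


def categories_presented(tx):
    """Distinct categories covered by the presented factors."""
    unknown = [f for f in tx.factors if f not in FACTOR_CATEGORY]
    if unknown:
        raise ValueError(f"unknown factor(s): {unknown}")
    return {FACTOR_CATEGORY[f] for f in tx.factors}


def authorize(tx):
    """Return (allowed, reason) for a checkout attempt."""
    if not sca_required(tx):
        return True, "exempt"
    # Two factors of the same category (password + PIN) count once.
    if len(categories_presented(tx)) >= 2:
        return True, "sca-ok"
    return False, "step-up-required"


if __name__ == "__main__":
    weak = Transaction(Decimal("49.90"), factors=["password", "pin"])
    strong = Transaction(Decimal("49.90"), factors=["password", "fingerprint"])
    print(authorize(weak), authorize(strong))
```

A password plus a PIN is rejected because both belong to the same category, while a password plus a fingerprint passes.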
- Use eWallet payment methods such as Apple Pay, Google Pay, PayPal, etc. They already include the required two-factor authentication, and they are already familiar to users, so you will offer a smooth payment.
- Mobile optimization. 3DS 2.0 was created for mobile devices. So if your shop is mobile-friendly, you won't have problems with the user experience, as the authentication for mobile devices is intuitive and seamless.
3D Secure 1.0 vs. 2.0
You may already use 3D Secure for your store. Now we want to say a few words about this technology and the main difference between 3D Secure 1.0 and 3D Secure 2.0.
3D Secure is a special protocol that was designed to prevent fraudulent activities and provide users with secure online card payments. 3DS uses the three-domain model:
- Acquirer Domain is your Magento 2 store, for example.
- Issuer Domain is an issuing bank.
- Interoperability Domain is the infrastructure that supports the 3D Secure protocol. Usually, it is a Payment Gateway.
Let’s take a look at the example to learn how it works.
Your customer wants to buy a T-shirt. They enter the credit card data on the checkout page and click the Place Order button. Then the payment process starts. The Merchant asks the Payment Gateway about 3DS verification. The Payment Gateway sends the request to the Bank. The Bank gives the verification context, and the Payment Gateway calls for personal identification. This request is passed back to the buyer, who sees a pop-up or redirect page. They usually need to enter an SMS code or a unique password. This data is sent back to the Payment Gateway, which verifies that the payment was secure. The Bank sends an acknowledgment of successful payment to the Merchant via the Gateway. After the transaction is made, you will get a new order in the admin panel, and your customer sees the success page.
As you can see, this process is long and has some disadvantages, which the second version of this system is designed to fix. The new method of payment verification uses context data. In this case, the bank will analyze the first and last names, billing addresses, emails, etc. and ask for verification only in 5% of high-risk transactions. Today, mobile devices do not always display 3DS pop-ups correctly, and customers can mistake them for a fraudulent website. The upgraded technology seeks to address these problems.
How will PSD2 affect Magento 2 stores?
Magento has already issued a PSD2 compliance guide. Here are the main points for different payment systems:
- PayPal: this system is integrated into Magento and already supports 3D Secure 2.0. Just keep using it.
- Braintree: choose the official extension that will add 3DS options before the deadline.
- Authorize.net: if you use the official module, you have nothing to worry about. Just don’t forget to update to the latest version 2.3.3+ or 2.2.10+ for Magento 2 SCA.
- CyberSource: the official plugin is compatible with SCA requirements.
- eWay: use the official extension to make your store support 3D Secure, and meet SCA requirements.
So, if you just realized that you aren’t ready yet, and your store needs some security additions, we have a ready solution for you. Keep calm and just read on.
Stripe Payment by Amasty
Stripe is a company that provides safe payments around the world. Stripe already meets the SCA requirements and helps to protect your buyers while meeting the new regulation demands. And our Stripe Payment module is integrated with this payment service.
Stripe Payment allows you to use one solution to add any international and local payment methods through a single API. Here are some examples of how you can use it.
#1. First of all, if you want your customers to feel secure, show the Stripe logo next to the payment method title. Then enable 3DS for all cards that support this technology. Enable Debug Mode to track payment processes and allow Stripe to send emails about successful payments and refunds. This will increase security and customers’ trust levels.
#2. Say you want to provide your customers with credit card data autofill. There are two ways to do it. You can allow customers to save credit card data on Stripe servers. For this, go to Stores>Configuration>Payment methods>Other Payment Methods>Stripe by Amasty and set Ask the customer in the Save Customer Cards field. Or our module can request payment info from the browser.
#3. Have you ever been in a situation where a customer wants to buy 5 items and you have only 3 of them in stock? Stripe Payment helps you manage this problem with partial invoicing. Go to Sales>Orders and choose the needed order. Click on the Invoice button in the top menu, then scroll to Items to Invoice:
Change the number of items for the invoice and click the Update Qty's button. Then save the changes by clicking on the Submit Invoice button.
We hope our article helped you to understand all the nuances that relate to your e-commerce business. If you still have questions, feel free to ask them in the comments below.
We will be glad to help you out!