The subject of online security for payments has never been out of the spotlight but in the last year there’s been an even greater focus. This is because PSD2 came into force across the European Union.
The Second Payment Services Directive, PSD2, may not be something that consumers are aware of but for businesses, it’s meant big changes. Here’s an overview of PSD2 and what it means for you as the customer.
What is PSD2 all about?
PSD2 follows on from the original Payment Services Directive which was issued in 2007. Taking the same principles, the legislation goes even further to provide safe and secure ways to make online and cross-border payments.
Part of this included removing the bank’s monopoly on holding information, allowing merchants to obtain authorisation to complete transactions themselves. This cuts down on the potential for third party surcharges and costs.
Included in this new release of information is the ability for consumer services that hold all the financial information in one place. This allows customers to view all of their finances from different sources together, such as within a comparison portal.
However, it’s not just about providing better access and reducing costs. A large part of the legislation focuses on transparency and improved security for making payments online. A special emphasis is given to those which cross international borders, moving from one EU country to another.
Although not every aspect of PSD2 has yet been finalised, it passed into effective law in January 2018. Therefore, Brexit won’t prevent this law from being enforced in the UK.
Understanding customer authentication
Although the idea behind PSD2 is to make the process of online payments much smoother and easier, security is at the heart of the legislation too. Payments which cross national borders should be just as simple and safe as domestic transactions; this legislation seeks to harmonise the process.
Part of PSD2 calls for “strong customer authentication” (SCA) which means that the process of providing authority for every transaction must be robust. There are a variety of ways in which this can be achieved but examples of the standards expected have been laid out.
The variations on each of the options are extensive but essentially, a number of different components must be utilised every time authorisation is required. Having a simple password and login is no longer sufficient.
Instead, the preferred route – and one which Visa has chosen – is a one-time password. This means that every time a transaction is completed a new password will be generated which must be entered and verified. This extra layer of security provides safeguards over the transactions and can be achieved in a number of different ways, such as SMS or email.
Choosing the safest options
Lots of work has been done behind the scenes to comply with the requirements set out in PSD2, and provide customers with the ease of access that the legislation demands. We’ve chosen to follow the same path as Visa and use one-time passwords for all transactions too. We believe this offers the best combination of convenience and security, providing the maximum protection without disrupting the ability to easily make online payments. Undoubtedly this area is one which will continue to evolve and develop, and we will continue to stay ahead of the pack in offering our customers the safest and most secure payment facilities that they can really trust.