PSD2

The 11th of January 2021 the PSD2 implementation period comes to an end, hereafter payments within EU are imposed on the PSD2 ruleset.

This article previously contained information regarding 3-D Secure v2. This information has been moved to a new article.

The article will be updated on an ongoing basis, so that you always can get the newest guide. At the bottom there will be a list of changes and the date they were made, so it will be possible to keep up.



PSD2

PSD2 is an EU directive that specifies mandatory requirements and guidelines for online payments.

In short, PSD2 should help increase the security of online payments by making Strong Customer Authentication (eg 3-D Secure) required for the vast majority of transactions.

Slightly simplified - as there are a lot of exceptions and additions - there must be SCA on the following payments as required by PSD2;

  • Payments above 30 euros (approx. DKK 225)
  • Creation of Subscriptions (but not subsequent recurring payments)
  • Creation of Saved Cards
  • Subsequent withdrawals on a “Saved Card” if the cardholder is present. For example by “1-click payments”, where the card information is saved by the shop, to make the checkout flow easier.

For subsequent withdrawals from “Saved Cards” where the cardholder is NOT present, SCA will not be required. This could for instance be used when automatically recharging a mobile phone subscription, where the withdrawals aren’t scheduled.

Deadline(s)

On September 14, 2019, PSD2 regulations went into effect. However, in Denmark (and most of the EU) it was “postponed” until January 1, 2021 with a so-called implementation period.

In short, this means that although the regulations have been implemented since September 2019, payments have not been rejected by the card issuers if they were made without SCA.


The Danish Financial Services Authority emphasizes that the implementation period does not change the rules regarding SCA which came into force the 14th of September 2019. This fact is relevant This is relevant to the liability and culpability rules in the Payments Act in the event that Strong Customer Authentication has not been used. Source: Danish Financial Services Authority


However it is solely up to each card issuer (i.e. the banks) when they start requiring 3-D Secure on their payments.

From 1st of November 2020 we have experienced some card issuers require 3-D Secure in a (yet) very limited scope.

The Danish FSA has officially announced that the implementation period now runs until 11 January 2021.

PSD2 and QuickPay

If you use QuickPay’s payment window, you already support the use of 3-D Secure v1

3-D Secure v1 will not be turned off until the new year, and until then you just need to make sure that you have activate 3-D Secure for your payments.

In some cases 3-D Secure v2 will require minor changes in your integration with QuickPay, which you can read more about under 3-D Secure v2.

Under Get ready for PSD2, you can find a specific checklist to ensure that you are ready for PSD2.

Payments

All payments above 30 euro must be verified with SCA and thus 3-D Secure.

Subscriptions

All subscriptions must be created with SCA and thus 3-D Secure.

For subsequent withdrawals, no SCA will be required.

Subscriptions created before PSD2 takes effect will not be affected.

Saved Cards

Creation of Saved Cards must be completed with SCA and thus 3-D Secure.

However, for subsequent withdrawals from Saved Cards, it gets a little more complicated;

Cardholder is not present - Subsequent withdrawals from Saved Cards where cardholder is NOT present. It could, for example, be an automatic recharging of a travel card or BroBizz where automatic payments are made, but where the withdrawals are not scheduled and it therefore isn’t a subscription.

In this case subsequent withdrawals will take place as it currently does, ie. the cardholder does not need to take any further action after the card initially is saved with SCA.

Cardholder is present - However, subsequent withdrawals, where the cardholder is present, will require the cardholder to go through 3-D Secure again.

This could for example be when a shop stores the customer’s card information, so that the customer does not have to enter them for subsequent purchases. After implementation of PSD2, this will still require the cardholder to be sent through the 3-D Secure flow.

It is our assessment that the advantage of storing cards by a shop will be significantly reduced when the cardholder has to go through 3-D Secure, and for that reason it won’t be a priority to support that.

Until it is supported again, it is recommended to stop using Saved Cards for this scenario.

Dankort

Instead of the standard 3-D Secure, Dankort instead uses Secured by Nets.

If you have activated Secured by Nets under Settings > Acquirers > Nets, all payments will automatically be sent through Secured by Nets, and you will automatically comply with PSD2.

When 3-D Secure v2 is rolled out, Secured by Nets will be part of that and not be a setting on its own anymore. However, in this regard no action will be required on your part.

Get ready for PSD2

Read the guide below or watch https://youtu.be/yKW4JdXrOJE to be ready for PSD2.

Make sure that you can receive 3-D Secure

By default, all QuickPay merchants will already be able to use 3-D Secure. And most already do so.

However, we recommend that you just go through the list below to be on the safe side:

1. Activate Secured by Nets if you receive Dankort.

In QuickPay Manager under Settings > Acquirers > Nets, you need to make sure that Secured by Nets is enabled.

2. Make a test of your acquirer agreement.

In QuickPay Manager, you can perform a test of your agreement for each card acquirer. This is done under Settings > Acquirers > The selected acquirer. Make sure that the 3-D Secure test is green and approved.

NOTE: This does not pertain to Nets (Dankort). Here you need to make a test payment with a Dankort.

3. Check your shop URL.

Under Settings > Merchant you can see your shop URL(s). Make sure it is correct, and have “http://” or “https://” at the beginning.

4. Make a manual payment in your shop.

The last and best way to check if everything works as intended is to make a payment in your shop with 3-D Secure, with the credit cards you have available.

Enable 3-D Secure for PSD2 payments

Although the final deadline is January 11, 2021, it is our recommendation to start requiring 3-D Secure as soon as possible to the extent required to comply with PSD2.

This can already be ensured now by going to Settings > Fraud Filter in QuickPay Manager and at the top adding the so-called PSD2 rule sets. Thereafter, all payments exceed EUR 30, as well as all new subscriptions and Saved Cards through 3-D Secure.

If payments are rejected by card issuers for missing 3-D Secure, QuickPay automatically ensures that the payment is then retried with 3-D Secure.

11th of Januar 2021

From 11 January 2021 QuickPay will automatically ensure all merchants have Fraud Filter rules that ensure they are PSD2 compliant.

However, it will be possible to remove or customize these if desired. If these are removed, however, you may find that payments are initially rejected by the card issuers.

However, on payments that are rejected by the card issuer due to a lack of 3-D Secure, QuickPay will automatically ensure that the payment is retried with 3-D Secure.

Changes to the article

November 3, 2020

The 3-D Secure v2 section has been moved to its own article. Payments have only to a very limited extent been imposed on 3-D Secure after 1 November, and it is therefore now expected that PSD2 will not enter into force until 11 January 2021.

Payments rejected by card issuers due to lack of 3-D Secure are now automatically retried with 3-D Secure.

October 28, 2020

Added; with 3DSv2 it will no longer be possible to use QuickPay Embedded

October 21, 2020

It is now possible to create Saved Cards with 3-D Secure

Added note about possible consequences for missing address info on transactions

October 16, 2020

Added note that the customer’s address can be sent in one variable invoice_address[street] instead of including both invoice_address[street] and invoice_address[house_number]

October 13, 2020

Added info on 3-D Secure v2 and how to get ready for PSD2 and 3-D Secure v2


Contact QuickPay Support
Need help?

support@quickpay.net