Payment Services Directive
Starting September 14, 2019, the European Union requires that all merchants in the EU and UK comply with the Strong Customer Authentication (SCA) requirements of the Payment Services Directive (PSD2). Merchants in all other countries are encouraged to comply with PSD2 as a best practice.
Strong Customer Authentication is a key component of PSD2, and requires two of the following:
- Something only the customer has (password or PIN)
- Something only the customer knows (by phone or hardware token)
- Something only the customer is (biometric authentication such as a fingerprint or facial recognition)
European banks may decline payments that do not meet the requirements. However, low risk and low value transactions might still be accepted, as well as subsequent payments in a recurring subscription.
To learn more, see 3D Secure 2.0 changes in our Dev blog.
Due to this significant change and to ensure that customer payments are not declined, we are introducing the following changes and recommendations for native Magento payment integrations.
PSD2 Compliance Guide
|Payment Method||Compliance Requirements|
|PayPal||No action is needed to comply with PSD2, because all requirements are handled by PayPal.|
|Braintree||To comply with PSD2, do one of the following:
- (Recommended) Install the official Braintree payment integration extension from Magento Marketplace.
- Enable and configure the Braintree payment method in the Magento configuration.
|Authorize.Net||To comply with PSD2, do one of the following:
- (Recommended) Install the official Authorize.Net payment integration extension from Magento Marketplace.
- Enable and configure the Authorize.Net payment method in the Magento configuration.
These integrations support 3D Secure 2.0 verification through CardinalCommerce and other third-party services.
|Other||For all other payment integrations, check the available extensions on Magento Marketplace. You an also ask your payment provider what solutions they recommend to support PSD2 requirements.|