Preparing to Comply With New PSD2 Regulations
Updated November 2020 with new enforcement dates
This blog will help Recurly customers understand the new PSD2 regulation, how it impacts them, and what they need to do to prepare.
What does PSD2 require and when does it go into effect?
PSD2 stands for Payment Services Directive 2 and is a new EU regulation going into effect on December 31, 2020 (enforcement by the UK Financial Conduct Authority [FCA] has been delayed until September 14, 2021).
This regulation impacts subscription businesses whose acquirer is in the EU and which are transacting online with customers whose issuer is also in the EU.
It applies to all online transactions, including payments made via credit cards and alternative payment methods.
With the exception of PayPal, most alternative payment methods are PSD2-compliant. Therefore, the main impact of PSD2 will be on credit card transactions.
Strong Customer Authentication requirement
The main requirement of PSD2 that is relevant to our customers is called Strong Customer Authentication (SCA). SCA requires that new subscribers go through a 3DS (3D Secure) process when purchasing online. This process serves to verify (or "authenticate") the subscriber’s identity and that they are the valid holder of the credit card they’re using to complete their purchase.
How does PSD2 impact subscription businesses?
As we currently understand it, subscription businesses are only required to present the 3DS flow on the initial purchase. Subsequent (i.e. recurring) purchases are excluded from PSD2 and SCA. Subscription businesses that also have one-time purchases should plan to present SCA on those payments as well.
Next steps:
The primary regulatory requirements of PSD2 apply to a subscription business's PSP (“Payment Service Provider”, also known as a payment gateway) and not to Recurly directly.
Recurly is evaluating ways we can further assist you and your gateway in becoming compliant with PSD2, but your primary partner is your gateway.
Recurly customers should contact their gateway in order to understand the gateway’s plan for PSD2 compliance and to start using any SCA-compliant 3DS solution that the gateway supports.