PSD2

The facts about PSD2

The Payment Services Directive 2 (PSD2) is an EU Directive intended to bolster payment security and reduce the opportunity for fraud. The directive looks to regulate both payment processes and payment service providers throughout the European Union.

 


 

Although administered by the EU and the European Banking Authority (EBA), its reach will be much wider. Regardless of where they are based, banks and other organisations seeking to trade within the EU region will need to implement payment and transaction systems that comply with the new regulations.

The Directive also looks to increase pan-European competition and participation in the payments industry, encouraging new entrants (such as non-banks) into the market and levelling-up the playing field on consumer protection with rights and obligations for both payment providers and users.

European consumers want to know that their payments are safe when they shop or make a payment online. The new Payment Services Directive will ensure that electronic payments in Europe become more secure and more convenient for European shoppers. This legislation is a step towards a digital single market; it will benefit consumers and businesses and help the economy grow.
— Commissioner Jonathan Hill, responsible for Financial Stability, Financial Services and Capital Markets Union

PSD2: A Timeline

Oct 2015

In October 2015, the European Parliament adopted the European Commission proposal to create safer and more innovative payments in Europe. This became known as the Payment Services Directive or PSD2.

The new rules aim to better protect consumers when they pay online, promoting the development and use of innovative online and mobile payments through open banking, making cross-border European payment services safer.

Nov 2015

In November 2015, the Council of the European Union (EU) passed PSD2, giving member states two years to incorporate the directive into their national laws and regulations. This was supplemented with regulatory technical standards for Strong Customer Authentication (SCA) with common and secure open standards of communication.

An important element of PSD2 is the requirement for strong customer authentication on the majority of electronic payments.

Aug 2019

In August 2019, the FCA (UK) announced that they will not take action against firms if they do not meet the relevant requirements for SCA, where there is evidence that they have taken the necessary steps to comply with the plan.

Sept 2019

In September 2019, PSD2 went into full effect, but due to delays, the European Banking Authority (EBA) allowed for an extension for Strong Customer Authentication (SCA) to be implemented.

Mar 2021

By March 2021, after an 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.

 

Onescan dynamically links a specific amount and a specific payee with seamless, easy-to-use Strong Customer Authentication (SCA): no passwords, no SMS or one-time passcode (OTP), no download.

 

Strong Customer Authentication (SCA)

One of the biggest changes under the terms of PSD2 is that it will require all online transactions over €30 to be authenticated using a Strong Customer Authentication (SCA) compliant process.

The SCA process requires transactions to be authorised using a combination of two of the three approved SCA elements. Those elements are defined as:

  • Knowledge – something the person knows, such as a PIN number

  • Possession – something the person owns, such as a mobile phone

  • Inherence – something the person is, such as a fingerprint scan

And in a landmark ruling earlier this year, the EBA ruled that sending a one-time passcode to a mobile phone could not be used to prove both knowledge (of the passcode) and possession (of the mobile phone). This is a ruling that has left many within the industry scrambling for a compliant solution.

Compliance doesn’t have to be a headache

Experience shows that although consumers welcome extra security, too many steps in the payment process also lead to abandoned baskets and a loss of sales – and PSD2 adds another layer to the process.

Our Onescan solution fully meets the requirements of PSD2 while at the same time simplifying the payment process. Onescan combines possession, the ownership of the mobile phone, with either knowledge or inherence. With Onescan the process of authorising the transaction from the mobile phone involves the use of a PIN, a fingerprint scan or even facial recognition. It fully meets the new regulations.

Your customers already have all they need

We have built Onescan so that anyone with a smartphone can use the service to make a payment straightaway. There’s no requirement to download an app or upload any information in advance.

Our app-free approach simply uses the existing camera on the consumer’s smartphone to trigger the authorisation process for a transaction. It doesn’t rely on SMS, so there’s no need for the retailer to know the consumer’s phone number in advance; nor is there any need to download an app, or to set up usernames and passwords to start the process.

Using the camera opens the Onescan web app, and all the information about the goods to be purchased will be pre-loaded from the retail site, together with any information already held by the retailer – name and delivery address for example. All the customer has to do is enter the payment info and then authorise the transaction using their PIN or a biometric.

It really is that simple. Onescan:

  • Friction-free authentication process

  • Any smartphone can initiate a secure transaction

  • Improves payment security

  • Fully meets the new EU regulations

  • Available Now

The facts about Onescan from Ensygnia

How we manage payment data

Firstly, Onescan doesn’t store or hold any payment data on the customer’s mobile phone, nor does it store or hold it within the Onescan web app.

Equally, our secure online platform processing the Onescan transactions does not store any payment information or customer data. Instead it links to compliant, industry-standard wallets, vaults or payment providers such as ApplePay and PayPal. We keep your data secure during transactions as the credentials can be tokenised or sent directly to or from your payment processor.

Security

Our platform performs to the highest industry security standards including P2PE (Point-to-Point Encryption), Public Key Infrastructure (PKI), key management, cryptography, incursion detection, tamper evidencing, audit and threat prevention safeguards.

We provide multi-factor authentication as standard. Beginning with simple phone and PIN, we also enable best-of-breed, industry-standard biometrics, geo-location and data validation services.

No central data store

Unlike other solutions on the market, we undergo independent testing for Financial Conduct Authority (FCA) regulated companies. This goes well beyond the requirements of Payment Card Industry (PCI) Level 1 and Payment Services Directive 2 (PSD2) compliance.

What’s more, because we do not store data centrally, there are no usernames, passwords or payment details for hackers to target and steal.

Full industry and PSD2 Compliance

Onescan ticks all the EU and EBA compliance boxes and is ready for implementation now. Onescan is patented and has already achieved full certification for its transaction platform, its app or web-only equivalent, and for its Software Developer Kit (SDK).

Onescan is both PCI Level 1 compliant (certified) and PSD2 ready.

