On the 1st of January this year, the European Directive PSD2 (Payment Services Directive) came into force, which regulates the payment services (for example, payments with cards, transfers, direct debiting…) supplied in Europe and it is intended to make payments in Europe safer and more secure, as well as promote the innovation of the financial sector payment services.
The main development that this new directive establishes is the substantial modification of the requirements related to giving consent and transferring data to be processed, by introducing, among other things, the strong customer authentication (SCA) for online purchases.
This means that when it comes to e-commerce, two-factor authentication (2FA) (two codes) will be needed for all payments, apart from in specific transactions that are exempt in the Directive.
That is to say, purchases can no longer be made using just the card number (either credit or debit card) and the CSC, now at least two pieces of proof of identity are required whenever an online payment is made to prove that it is the user who is actually carrying out the transaction. Card payments made in person will not be as affected because the cards have a chip and a pin number.
In this sense, the PSD2 directly affects financial institutions and payment service suppliers and indirectly any e-commerce, which must verify and make sure that the supplier of the payment services with which it operates is complying with the obligations established by the Directive.
In view of all this, the new regulation forces third party companies AISP (Account Information Service Providers) and PISP (Payment Initiation Service Providers), to improve the relationship of consumers with their payment method and satisfy their needs, by increasing the security and safety of online purchases.