The second Payment Services Directive or PSD2 is a European law which comes into full force on 14th September 2019.
PSD2 aims to make it more secure for you to make electronic payments when shopping online or using online banking services.
While some elements of the PSD2 legislation have applied from 13th January 2018, the full rollout from September 2019 will result in changes to how you use digital payments channels and shop online by introducing added security rules referred as Strong Customer Authentication (SCA).
What is Strong Customer Authentication (SCA)?
The principle of SCA is to increase security for electronic payments through the introduction of two factor authentication protocols. You will be asked to confirm your identity by using the following factors, each of which are independent of each other:
- Knowledge– something only you know e.g., password or PIN
- Possession– something only you have e.g. a card or mobile phone
SCA will be used when accessing online payment accounts or shopping online.
Customer authentication is in use today however with PSD2 it is likely to be used more frequently to provide enhanced security.
When will SCA apply?
SCA shall apply when accessing your account online and when initiating an electronic payment. It applies to all payments made within the EEA.
Online Access:
- SCA shall apply when accessing accounts online through your PC, Tablet, Mobile, Apps.
- SCA shall apply when accessing accounts at least every 90 days.
- SCA shall apply when accessing online account data more than 90 days old e.g.
- Online transactions
- Statement history
- Transaction log
Payment Initiation:
- SCA shall apply when initiating a payment online (electronic remote payment transaction).
PSD2 Exceptions
Under PSD2 the following exemptions may apply:
- Paper based transactions.
- Phone based transactions.
- Credit Transfers to self, provided the accounts are held within the same Credit Union.
- Recurring Transactions: Direct Debits fixed or variable amounts.
- Payments to trusted beneficiaries that you have set up through your credit union prior to the 14th September 2019.
- Online payments under €30 except when a cumulative value of €100 is reached or five €30 payments have been made.
- Contactless card payments under €30 except when a cumulative value of €150 is reached or five €30 contactless payments have been made.
- Accessing some account information example, account balance or 90 days’ worth of transactions.
Regulation
This is your ‘Framework Contract’ with us in relation to the particular payment account referenced below and for the purposes of the Regulations. View it here.