PSD2: US Companies Must Know The Compliance Information


Online payment fraud is growing. Driven by the opportunities created by the surge in online shopping during the pandemic, global ecommerce losses rose from $17.5 billion in 2020 to $48 billion in 2023.

 

US e-commerce businesses reported an average of 1,200 attacks per month in 2022 alone, a 50% rise from the year before. Even if the number of successful fraud attacks was low, US firms should take note of this statistic and stay alert to the constant threat of cybercrime. Fortunately, there are those fighting with you to prevent this misuse. PSD2 compliance solutions are essential to guarantee compliance and implementation.

 

PSD2: What is it?

 

The Payment Services Directive 2 (PSD2), an update of the EU's original 2007 directive, went into effect in 2019.

 

PSD2 builds on its predecessor by strengthening consumer rights and fostering a more secure online payment environment for both businesses and consumers. It also seeks to level the playing field for third-party service providers, thereby challenging banking industry monopolies.

 

The primary features of PSD2 are:

 

Strong Customer Authentication: As required by law, companies and payment processors must verify consumers using at least two forms of authentication, such as one-time passwords (OTPs), biometrics, and PINs. Additionally, businesses need to be aware that SCA has several exceptions.

 

Customer Rights: In many respects, PSD2 enhances customer rights. It requires businesses to handle complaints and disputes promptly, make funds available to clients as quickly as feasible, and forbids them from adding fees to specific transactions. It also requires businesses to be clearer about their terms and conditions and currency conversion rates.

Open API Third-party Access: Under PSD2, retailers are permitted to access customer data to facilitate simpler and more convenient payment processes. 

 

Does PSD2 Apply To Companies In The US?

 

The SCA mandate applies to retailers operating in the EEA, American companies included. SCA requirements currently apply to US retailers who satisfy the following criteria:

 

US-Only Company, Yet It Receives Clients And Traffic From The EU

 

If a significant percentage of traffic originates from Europe, retailers may want to consider establishing an EU company. Establishing domestic processing with a company like Checkout.com can reduce cross-border expenses and guarantee automated SCA compliance in Europe, which will increase authorization rates and save costs.

 

US Companies Seeking To Enter The EU

 

Considering going after the European market? Companies will have to abide by SCA and PSD2 rules. To do this, a user flow distinct from the US flow must be built. It is therefore imperative to establish transition plans and choose the best collaborators to handle user flow and design testing.

 

US-Based Company With A Corporation Or Entities In The EU

 

In this case, a company's European subsidiaries will have to comply with SCA. If transactions are not SCA-ready, businesses may observe a decrease in authorization rates and might already be in danger of having their payments refused by issuers. Enterprise merchants should have a dedicated payment team collaborating with a fully compliant provider.

 

What Effect Does PSD2 Have On The US Market?

 

PSD2 is impacting the US market in a variety of ways, in addition to requiring US companies that fit the requirements mentioned above to adhere to SCA. These ways include:

 

Increased Fraud: PSD2's stricter security measures deter fraudsters from operating in the EU, so they may choose to focus on easier targets in the US. For instance, SCA has made typical fraud techniques like card testing on retailers nearly impossible in the EU; thus, fraudsters will increase their use of these techniques in the US market.

 

3DS2: Although it's not yet required in the US, the enhanced authentication criteria for the payment industry are expected to become a standard security measure worldwide, so businesses should get ready to comply.

 

EU Entities And Customers: In order to prevent refused or illegal payments that could negatively impact revenue, US businesses that have EU entities or customers should consider how PSD2 may impact their operations.

 

What Occurs If Retailers Are Ill-Prepared To Adhere To The Rules?

 

With the implementation of PSD2, every US-based company that conducts business with, or accepts payments from, consumers in the EU and EEA or intends to do so needs to ensure that it complies with SCA regulations. 

 

If you don't employ multi-factor authentication, issuing banks will not authorize any relevant transaction, which could negatively affect your authorization rates. In the end, fewer authorizations translate into less money. 

 

Companies should also make sure that their payment flows work in all of the nations covered by PSD2. This entails putting in place a seamless checkout process that directs users to the required authentication steps and lowers the possibility of a transaction being abandoned or a payment being rejected.

 

How Should US Retailers Be Ready?

 

To comply with PSD2, affected US businesses should take the following actions:

 

Make Sure SCA Is Followed

 

US companies must make the most of this lead time by planning their implementation and research strategies. Ensuring your payment service provider complies with SCA regulations and has the necessary 3DS2 tools set up is a crucial step. 

 

Examine Your Business In The EU

 

You have to audit your EU activities to make sure they comply with PSD2 mandates if you have EU entities or accept payments from EU clients. This entails setting up multi-factor authentication and making sure your complaint response procedures adhere to PSD2 standards, which include promptly resolving disputes.

 

Boost Your Safety 

 

Finally, by putting in place a strong fraud detection and prevention system, you can make sure your US operations are ready to tackle the increased risk of fraud brought on by PSD2. In order to safeguard cardholder data, you must maintain strict security requirements, which is another reason to make sure you're PCI compliant. 

 

PSD2 compliance solutions comply with these regulations and are easy to set up for both US-based businesses and their European operations. They also provide sophisticated platform simulations that merchants can use to test any 3DS2 authentication or associated payment situations.

 

Additionally, merchants may secure their payment infrastructure with the help of PSD2 compliance solutions. Since SCA compliance is already included, retailers will always be prepared. 

 

Chamsi Pirson 2