PSD2 Introduces New Payments Challenges

Just as the General Data Protection Regulation (GDPR) took Europe by storm in the summer of 2018, a new compliance measure of the second Payment Services Directive (PSD2) is about to similarly impact the security of your online transactions. Core to this legislation is the mandate of stronger security measures for any online transactions through the use of multi-factor authentication. While this will add another layer of security to digital payments and digital commerce, it has far-reaching implications for a wealth of organizations – both in Europe and beyond.

Diving Deeper into PSD2's New Mandate

If you aren’t familiar with Strong Customer Authentication (SCA) now, you will be once the PSD2 requirement goes into effect. SCA is the new directive that mandates that organizations employ multi-factor authentication for online transactions initiated by the consumer (more on transactions below). In simple terms, the consumer must confirm two of three measures to validate the transaction. The three measures are as follows:

  1. Something only the customer knows (e.g. password or PIN).
  2. Something only the customer has (e.g. code generated by mobile phone).
  3. Something only the customer is (e.g. fingerprint or facial recognition).

Come September 14, 2019, if two of these measures are not validated by the customer, transactions may be declined.

Exceptions to the Rule

As mentioned earlier, Strong Customer Authentication is required for “customer-initiated” transactions. Therefore, any online card payments and all bank transfers must go through this validation, with some exceptions. Examples of these exemptions include:

  1. For certain low-risk transactions, determined by the bank or payment provider in real time, SCA is not required. Thresholds are set based on fraud rate (0.13% to exempt transactions below €100; 0.06% to exempt transactions below €250; 0.01% to exempt transactions below €500) and applied to each individual transaction.
  2. Payments below €30 qualify for exemption, but this could change depending on the frequency of these “low-value” transactions.
  3. Recurring payments or automatic bank transfers may require an initial authorization, but subsequent payments will be exempt.
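
The two-of-three rule and the exemptions listed above can be expressed as a single authorization decision. The sketch below is an added example, not code from the original page; the method names, the `low_value_allowed` flag, and reading each fraud-rate figure as a ceiling the provider must be at or below are assumptions.

```python
from decimal import Decimal

# Factor categories from the list above; the method names are illustrative assumptions.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "phone_code": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

# (fraud-rate ceiling in percent, exclusive amount limit in EUR), as listed above.
TRA_TIERS = [(Decimal("0.01"), Decimal("500")),
             (Decimal("0.06"), Decimal("250")),
             (Decimal("0.13"), Decimal("100"))]
LOW_VALUE_LIMIT = Decimal("30")

def exemption(amount, fraud_rate_pct, recurring_after_first=False, low_value_allowed=True):
    """Return the name of the exemption that applies, or None if SCA is required."""
    amount, rate = Decimal(str(amount)), Decimal(str(fraud_rate_pct))
    if recurring_after_first:              # initial payment was already authorized
        return "recurring"
    if low_value_allowed and amount < LOW_VALUE_LIMIT:
        return "low_value"                 # caller clears the flag if frequency rules revoke it
    for ceiling, limit in TRA_TIERS:       # assumption: rate must be at or below the ceiling
        if rate <= ceiling and amount < limit:
            return "low_risk"
    return None

def sca_satisfied(verified_methods):
    """True when the verified methods span at least two distinct categories."""
    categories = {FACTOR_CATEGORY[m] for m in verified_methods if m in FACTOR_CATEGORY}
    return len(categories) >= 2            # password + PIN is one category, not two

def authorize(amount, fraud_rate_pct, verified_methods, **flags):
    """Approve on an exemption or on valid SCA; otherwise decline."""
    reason = exemption(amount, fraud_rate_pct, **flags)
    if reason:
        return ("approve", reason)
    if sca_satisfied(verified_methods):
        return ("approve", "sca")
    return ("decline", "sca_required")
```

The case worth testing first is two methods from the same category: a password plus a PIN does not satisfy the requirement, so a non-exempt payment authenticated that way is declined.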

Who’s at Risk?

PSD2 notes that only transactions made by consumers who bank in the EU purchasing from retailers that use EU payment processors are impacted. So which organizations need to be wary of this?

  1. Every European retailer must use SCA.
  2. Every international retailer selling locally in Europe must use SCA.

You now have less than two months to ensure that SCA is incorporated into your business’ digital commerce experience. More importantly, you have less than two months to ensure that SCA becomes a seamless part of the user experience for all users regardless of device, bank, and more. Even if you’re up and running already, achieving the necessary test coverage to deliver a quality experience is an ongoing challenge. Fortunately, Applause can help.

Testing Payments in the Wild

The biggest challenge to payment testing and validating SCA is gaining access to the right testers and devices in the right locations with the required payment methods. Particularly for U.S.-based retailers that sell in the EU, leveraging European testers is a significant challenge – even more so when you need to make real transactions and do so on short notice.

Custom Testing Teams

Applause gives retailers on-demand access to the Applause Community to test the payment flows that they need to validate. Testing teams are not only customizable by demographic, but also by attributes like which banks and devices they use. This allows for a far more localized experience with insight from those who represent your ideal customer profile.

Expanded Device Coverage

With every device providing its own experience and own unique SCA options (biometric support varies by device), having access to any of those options and the extra bandwidth to test a large majority of those options is invaluable. Everyone should experience the same flow without any friction, so the ability to cover a broader device base will make a big difference.

Real-World Testing

You can test your digital experience through simulated environments, but nothing can replicate the value of testing in the real world. Users provide perspective and critical feedback that are irreplaceable to the quality of the end user’s experience. Especially when consumer security and potential fines are at risk, it is imperative to understand exactly how your experience will work in the real world.

Strategic Testing Expertise

You don’t have all of the answers when it comes to SCA testing, but that shouldn’t keep you in the dark. We work closely with your development and payment teams to ensure you are set up for testing success. Everything from assessing your current status to building a comprehensive test plan to recruiting the in-market testers to execute on that plan can all be managed by Applause. When time is of the essence, having a team in place to help navigate your way forward is invaluable.

When it comes to the security of your customers’ money and data, there is no room for error. Ensure you don’t fall short of PSD2 mandates by rethinking your testing strategy. The more thorough you are today, the happier your customers will be tomorrow and beyond.

Jay Selig