How Does PSD2 Affect Ecommerce?

Nick Knuppe
Head of Product Marketing
Customer-centric marketer, fanatical about GTM.

There are three factors that businesses care about when they’re making or receiving payments online: 

  • Is the payment fast? 

  • Is the payment reliable? 

  • Is the payment secure? 

Speed and security tend to tug on each other the most. Having fewer steps and less authentication means more customers complete the checkout process and purchase goods. But leaving out security introduces the risk of fraud and false charges. This could impact your cash flow and reduce customer trust in online buying. The Payment Service Providers Directive (PSD), founded in 2007, partly exists to address all of these concerns.

The PSD's main objectives are to increase competition in the payment service sector and encourage innovation in the payment industry by improving the security of card payments. In addition, it speeds up transactions by minimising the steps required to process them.

Payment Services Directive Two or PSD2 is the updated version of the PSD, focusing on strong customer authentication in electronic payments.

What does PSD2 mean for businesses?

For ecommerce businesses operating in the European Economic Area, complying with PSD2 is compulsory. If you fail to comply, you might see increases in declined and failed transactions. Your bank may also force you to comply to satisfy its own compliance obligations.

No more credit card surcharges

It was once common for companies in Europe to pass the credit card processing fee (2% to 3%) to the customer. Not anymore. Under PSD2, businesses may not charge extra fees for any payment method, including all Visa and MasterCard payments.

Facilitate strong customer authentication (SCA)

Strong customer authentication is mandatory and requires you to provide card issuers with two-factor authentication during transactions. The SCA policy specifies that you should verify the identity of your customers using two of the following three elements:

  • Something that only the user owns (credit card, smart card, or mobile phone)

  • Something only the user knows (PIN or password)

  • Something that uniquely identifies the user (face scan or fingerprint)

What to expect after compliance

Adopting any new policy around payments is not without its growing pains. After adopting PSD2, you'll likely notice a downward trend in your cash flow statement. Credit card processors won't stop charging their 2% to 3% just because you're no longer allowed to pass the cost on to your customers. Once you remove this, you'll have to absorb the cost or raise your prices. 

The first option will affect your profit margins, though likely just in the short term. On the other hand, the second option could reduce the number of units sold, particularly in shops that compete on price. 

You should see an increase in sales in the long run because customers will feel safer shopping online. Eventually, as PSD2 becomes standard, innovations and products will help reduce payment costs over time.

Who needs to comply with PSD2?

Nearly everyone who deals with payments online is affected by the new PSD2 directive. If your ecommerce business uses any account information service providers (AISPs), account servicing payment service providers (ASPSPs), payment initiation service providers (PISPs), or third-party providers (TPPs), you’ll notice some new requirements coming your way. 

Of course, there are some exceptions. The PSD2 directive does not apply to:

  • Recurring payments like SEPA direct debits because the customer has already undergone authentication during signup. 

  • Transactions under €30

  • Transactions originating from outside the EU. Transactions originating from the UK are still subject to PSD2.

  • Transactions that are initiated by the business (variable subscriptions)

  • Transactions initiated through the mail or on the telephone

  • Anonymous transactions (gift cards)
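
The two-of-three SCA rule and the exemption list above can be expressed as one checkout decision. This is an added example, not code from the original article or from Mollie; the factor labels, field names and decision strings are assumptions made for illustration, and the exemptions are only those listed on this page.

```python
from dataclasses import dataclass

# Factor label -> SCA element category (labels are hypothetical, for this example).
FACTOR_CATEGORY = {
    "card": "possession", "smart_card": "possession", "mobile_phone": "possession",
    "pin": "knowledge", "password": "knowledge",
    "face_scan": "inherence", "fingerprint": "inherence",
}

@dataclass
class Payment:
    amount_cents: int                 # integer cents avoid float rounding on money
    origin_in_scope: bool = True      # False: originates outside the EU
    recurring: bool = False           # e.g. SEPA direct debit authenticated at signup
    merchant_initiated: bool = False  # e.g. variable subscription
    mail_or_phone: bool = False
    anonymous: bool = False           # e.g. gift card
    factors: tuple = ()               # factor labels the customer actually presented

def exemption(p):
    """Return the exemption from this page's list that applies, or None."""
    checks = [
        (p.recurring, "recurring payment"),
        (p.amount_cents < 3000, "under EUR 30"),
        (not p.origin_in_scope, "originates outside the EU"),
        (p.merchant_initiated, "merchant-initiated"),
        (p.mail_or_phone, "mail or telephone order"),
        (p.anonymous, "anonymous transaction"),
    ]
    for applies, reason in checks:
        if applies:
            return reason
    return None

def sca_categories(factors):
    """Distinct categories covered; unknown labels count for nothing."""
    return {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}

def sca_decision(p):
    """Return (decision, detail) for one payment."""
    reason = exemption(p)
    if reason:
        return ("exempt", reason)
    cats = sca_categories(p.factors)
    if len(cats) >= 2:
        return ("authenticated", "+".join(sorted(cats)))
    # Two factors from the same category (password + PIN) are still one element.
    return ("step_up_required", f"need 2 categories, got {len(cats)}")
```

A password plus a PIN covers only the knowledge category, so that payment is sent for step-up rather than accepted as two-factor.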

What can my customers expect? How PSD2 affects customer experience

The most common way for customers to verify their identity is through a password and a verification code sent to their mobile phone – a process to which anyone with a smartphone is accustomed.

The disruption during checkout could lead to a suboptimal customer experience, particularly for younger customers who value speed over security. Initially, you might notice an increase in cart abandonment. Hang tight: as PSD2 is adopted throughout the EU ecommerce world, customers will get used to the new requirements and conversion rates will increase again. From the customer side, real-time risk analysis means that lower-risk transactions will not usually ask for additional authentication. Customers will also be at less risk of identity fraud resulting from a stolen card.

How will PSD2 influence businesses through Request to Pay (RtP)?

A Request to Pay is a digital request from the payee to the payer, which the payer receives on their mobile phone. If they approve it, money is transferred to the payee's account. It simplifies transactions by reducing the number of steps it takes to complete a transaction. RtP benefits your business in the following ways:

  • RtP transactions don’t attract a fee like contactless payments do

  • RtP reduces the risk of failed payments

  • Competitive advantage due to an improved customer experience 

What does the RtP flow look like?

The RtP flow follows the steps below:

Step 1: Checkout

The customer chooses to pay with their bank of choice during checkout.

Step 2: RtP initiation

A secure payment request is sent to the bank to authenticate and proceed.

Step 3: Authentication

The customer authenticates with their bank.

Step 4: Approval

The customer approves the payment using security methods such as voice recognition or Touch ID.

Step 5: Confirmation

The merchant receives a notification that the transaction is verified.

Step 6: Payment

The merchant's account receives the specified sum of money from the customer's account, and the transaction flow is completed.

Provide PSD2 compliant transactions for your online customers

Most of Mollie's payment methods, including Apple Pay, Giropay, Klarna, and PayPal, are already compliant with SCA. In addition, Mollie supports 3D Secure, a newer security protocol for debit and credit cards used in Europe. 

This means you can focus on running and growing your business without monitoring the compliance of payments coming and going. Understand how you can start accepting secure payments today.
