PSD2 Strong Customer Authentication: The Benefits For You And Your Customers


PSD2 is an EU Directive, to regulate payment services and payment service providers, throughout the EU and  EEA.  Initially, the new PDS2 Strong Customer Authentication (SCA) regulations were set to come into force on 19th September 2019, with many elements of the PSD2 already entered-into application across the EU on 13 January 2018.

The date for SCA was subsequently set-back for the UK, until March 2021, but here at accessplanit, we’ve been working hard to get ahead of the curve, and ensure that your online payment gateways are as safe as possible.

What is PSD2?

The second Payment Service Directive (PSD2) is an EU Directive, to regulate payment services and payment service providers, throughout the European Union (EU) and European Economic Area (EEA). The aims of the directive are to:

  • Level the playing field for payment service providers, including new players
  • Encourage lower prices for payments
  • Make payments safer and more secure
  • Protect consumers
Direct quote from

The directive aims to open access up to payments and transaction data, in order to drive competition and innovation in the market- which is currently monopolized by the big banks.

What is the PSD2 Strong Customer Authentication Directive?

This is the bit of the PSD2 that is important to customers making online bookings for your courses.

There are new, strict security requirements for the initiation and processing of electronic payments. Payment service providers such as Stripe, Opayo, Barclays ePDQ and more, must apply ‘Strong Customer Authentication’ (SCA) when someone pays online.

These New EU rules will ensure that your customers get better protection against online fraud.

What does Strong Customer Authentication look like?

When making an online booking, your customers will have to authenticate their identity by two of the three following methods:

  • Personal Knowledge - Something only the customer would know, like a password
  • Possession - Something that the customer owns, like a smartphone or watch
  • Inherence - Something unique to the customer’s person, like a fingerprint

Strong customer authentication diagram PSD2

How will PSD2 make my customers safer?

SCA ensures proper identification or authentication for all payments over €30 (currently about £27). This reduces the likelihood of online fraud, especially for larger payments.

Customers will be made aware, and given advice from their banks or payment providers on the new system. However, it’s good to be in-the-know about why your payment gateways might start acting differently, so you can reassure your customers if any questions arise.

What are the exemptions to Strong Customer Authentication?

There are some exemptions to the new rules. These include:

  • Any payment under €30
  • Trusted merchants (customers can ‘whitelist’ trusted companies)
  • Regular payments (only the first transaction will be authenticated)
  • Transactions deemed ‘low-risk’, after being assessed

What has accessplanit done to make your customers safer online?

accessplanit have taken the steps necessary to be way ahead of the curve on ensuring adherence to the PSD2 SCA regulations, as data security is extremely important to us. Some of our payment integrations will take customers away to their own off-site page, in these cases, nothing more is needed. The below integrations however, required a little work from us to ensure that two-factor identification could be achieved.

What we have done:

  • Our Stripe integration has been updated to use 3D Secure
  • Our Opayo (previously Sage Pay) integration has been updated to include more identifiable information about a paying user so that they can be verified more accurately
  • Our Barclays EPDQ integration has been updated to include more identifiable information about a paying user so that they can be verified more accurately
  • We have redeveloped our integration with Global Payments (previously Realex) from the ground up!

See our full August features update here.

What Do Training Companies Need To Do?

As well as making yourself aware of the changes, and what two-factor identification entails, it's important to think about  where your customers will be from/paying from. If its from anywhere within the EU then it's important to make sure that you are using payment gateways that are ready for PSD2...

Luckily, accessplanit have made sure that all our payment integrations are up-to-date, to allow for the new PDS2 regulations, but it is worth checking with the payment gateway themselves, if you are in any doubt about their compliance with PDS2. Also, if you use any other online booking platforms, make sure you ask if they are compliant with PSD2.

holding a phone

If you've managed to get to the end of this blog without falling asleep, then we hope we've managed to get-across the main gist of what PDS2 Strong Customer Authentication entails. It's an important change, that will affect any business that sells online. Hopefully you now have the knowledge to relay to your customers, when any questions arise- or feel free to share this post with them!

Find out more about our online booking and payment functionality, by booking a short demo, today!

Further Reading

Why accessplanit Are On G-Cloud11 Procurement Network

Training Industry Benchmark Report 2019 - How Do You Measure Up?

Four Signs That Your Business Has Outgrown Spreadsheets