As a Shopify store owner, the ability to take online payments successfully is core to your business.
What is the revised Payment Services Directive (PSD2)?
The payments industry in the European Union is regulated by the revised Payments Services Directive (PSD2). A major update of this directive is to further protect consumers who make purchases using credit and debit cards. The ultimate result will be less fraudulent transactions.
Compliance requires that you have Strong Customer Authentication (SCA) available on your online store to further protect customers.
It's important to note that this new form of authentication will not be required for all transactions on your store - only for those which the bank feels there is a risk.
What is Strong Customer Authentication (SCA)?
To accept payments and meet SCA requirements you need to build in added layers of customer authentication into your store as part of the checkout process.
2 of the following elements are required at the checkout:
Something the customer knows (e.g. password or PIN)
Something the customer has (e.g. phone, credit card)
Something the customer is (e.g. facial and fingerprint recognition)
What do Shopify merchants need to do?
If you’re using Shopify Payments in Ireland, Germany, Denmark, the Netherlands, Spain, or the United Kingdom, you don't need to take action. You’re compliant.
If you're using a 3rd party gateway, you may have received the notice below on your dashboard:
Shopify recommend you reach out to Cardinal Commerce and also reach out to your merchant services payment provider also.
When will PSD2 be enforced?
The official date for implementation was September 14th 2019. However an extension was granted.
Useful LinksShopify Blog Post - Understanding PSD2 and Strong Customer Authentication
European Commission - Payment Services
Keith Matthews, Milk Bottle Labs