PSD2: A reinforced authentication in a nutshell

What is the PSD2 directive and how does it affect online transactions in Europe?

PSD2: The new-age authentication in a nutshell!

The security in online transactions has always been a hot topic for both retailers and customers. The primary concern for users when making a purchase is to ensure the security of their bank details, and personal information.

Before the PSD2, on each online purchase made using a payment method including a bank or credit card, customers were redirected to the bank's website, where they had to fill in the details.

Today, with the advent of the Second Payment Services Directive (PSD2), payment platforms use an integrated payment interface, that greatly simplifies the flow of payments.

This new solution has been widely received by European customers and businesses such as Trustly, which brilliantly uses the directive for online casinos powered by the Pay N Play technology. Many online casinos in western European countries such as Sweden, Estonia, Germany, and Finland widely make use of the Bankid for authentication during the login and deposit process.

With so many protocols and directives already in use, what does the PSD2 bring to the table?

One of the main reasons for the development of the PSD2 directive was to create a common structure for online payments and to simplify the flow of transactions. The developers of the protocol believed that a standardized payment directive for all of Europe will encourage the spirit of competition in the fintech world.

The second reason was to grant greater autonomy to customers while strengthening the security of their information at the same time. In the new directive, once the customer willingly gives his consent, the PSD2 allows the customer's bank data to be transmitted in real-time to the payment services via a customized API. The client is then presented with a user-friendly interface.

Different authentication protocols in online transactions

How does it work in the practical world?

Powerful authentication methods are used to ensure the security of transactions. Mainly by ensuring that the person behind the transaction is indeed the owner of the banking information being used. For the moment, the Second Payment Services Directive is only used in transactions involving bank accounts and credit cards issued in Europe. And, from January 21, 2021, all retailers will have to switch to the 3-D Secure 2 protocol which will allow them to be compatible with the Strong Customer Authentication (SCA) under the PSD2 directive.

As mandatory conditions for the approval of the transaction, the client must be able to produce certain information that alone he knows. The following information is often requested:

  1. A Code or Password
  2. A 2-step authentication from the mobile phone.
  3. Confirmation of the client's current location.
  4. Voice authentication or using a digital fingerprint.

The practical uses in the markets

Many companies in the fintech sector have already started to implement solutions that will take full advantage of the new directive. Trustly, for example, will be able to use the PSD2 to secure transactions with its latest partner, Folksam. The two companies recently announced their partnership. Their cooperation will help Swedish students pay insurance bills directly from their bank accounts.