Aria Knowledge Central

Payment Services Directive (PSD2)

The Payment Services Directive (PSD2, Directive (EU) 2015/2366) is an extensive revision of the European Union’s (EU) “Payment Services Directive” regulations. It defines the legal framework within which all payment service providers in the EU must operate. The objectives of PSD2 are to:

  • standardize regulations and secure payment services across EU countries,
  • ensure consumer access to transaction information,
  • specify liability for fraudulent transactions, and
  • diversify the payment services ecosystem by mandating, upon consumer consent, access to account data via API, and allowing Payment Institutions (EU-certified non-bank and non-governmental financial businesses) to sell services.

PSD2 mandates Strong Customer Authentication (SCA) achieved via multi-factor authentication and 3D Secure, an authentication protocol supported by major credit card brands.

How will Aria help my organization comply?

Aria provides seamless integration with your payment gateways, simplifying and automating collections. As part of your comprehensive PSD2-compliant solution, Aria intends to provide the following:

  1. SCA-compliant implementation of 3D Secure 2.0 (in addition to our existing implementations of 3D Secure 1.0)
  2. 3D Secure support extended across applicable payment gateways
  3. Hosted Payment Pages will be updated to support enhanced 3D Secure, where applicable

What will I have to change in my Aria instance?

Each payment gateway and/or processor is different, so it is possible that no changes will be required on your side to comply. However, some gateways and/or processors may require additional data to be captured from the end user's device and sent in subsequent transactions. Aria will provide information as we roll out related platform updates.

What are multi-factor authentication and 3D Secure?

While physical cards are already SCA compliant, the ever-increasing prominence of online payments requires alternative methods of verifying payment methods that do not rely on the physical presence of cards. Multi-factor authentication and 3D Secure are two PSD2-compliant approaches to SCA.

  • Multi-factor authentication confirms users' identities by validating information from at least two of the following categories:
      1. Knowledge: Something they know (e.g. user id/password)
      2. Possession: Something they have (e.g. card security code (CSC/CVD/CVV/CVC), security token, one-time code via SMS/e-mail)
      3. Inherence: Something they are (e.g. touch id)
  • 3D Secure is an open standard used by major credit card brands to authenticate card transactions to prevent fraudulent payments. 3D Secure is one of the primary ways for Payment Services Providers to comply with the SCA mandate. Many of Aria's integrations with Payment Gateways and Processors support 3D Secure 1.0, and Aria is currently enhancing these integrations to support 3D Secure 2.0.

What advantages does 3D Secure 2.0 offer over 3D Secure 1.0?

3D Secure 2.0:

  • reduces false declines, which can lead customers to abandon transactions, through a simplified authentication flow;
  • eliminates the pop-up screen used in the 1.0 implementation, simplifying customers' payment experience and removing its resemblance, to suspicious or cautious users, to a phishing attempt;
  • exempts lower-value transactions from validation to accommodate lower risk levels, depending on a merchant’s fraud threshold;
  • supports not only payment card transactions, but also transactions originating from mobile and digital wallets;
  • supports desktop web transactions, and streamlines mobile device transactions; and
  • captures up to 150 data points so card issuers can better judge transaction validity, protecting against both fraudulent transactions and errant fraud declines.