Everyone in the payment industry is striving for compliance with the EU’s second payment services directive (PSD2).
If you’re a business owner, you’re no doubt concerned about whether the payment services you use comply with the new directive, which goes into effect January 1, 2021. If they aren’t, you’ll face declined payments (and potentially a declining number of customers as a result) unless you search for a new payment service that is PSD2 compliant.
Authorize.Net is among the more widely used payment gateways; if you use it for your business, you’re likely wondering whether this payment company is compliant. Keep reading to find out what it means to be PSD2 compliant, and whether Authorize.Net has you covered.
What does it mean to be PSD2 compliant?
In short, PSD2 compliance for payment services means implementing strong customer authentication (SCA) measures for online payments, where a substantial amount of fraud occurs. Essentially, SCA is an authentication process meant to verify the identity of online buyers, which will make online purchases more secure and reduce fraud.
A key component of the new regulation is a security protocol called 3D Secure 2.0, which is the best method of online verification and satisfies the PSD2 requirement for strong customer authentication. A payment service that can facilitate SCA using 3D Secure 2.0 is considered PSD2 compliant.
Authorize.Net’s PSD2 compliance
Currently, Authorize.Net has not announced that it is PSD2 compliant. In fact, all signs indicate that it doesn’t have plans to become compliant in the near future, nor do any payment solutions that integrate with Authorize.Net.
What does that mean for business owners who currently use Authorize.Net to process their customers’ payments in the EU?
The easiest option is to migrate to CyberSource, which is a sister company to Authorize.Net. (Visa owns both payment entities.) CyberSource is a payment management platform that enables merchants to accept and manage payments, secure their payment data, and mitigate fraud.
CyberSource supports 3D Secure 2.0 and SCA, which means it’s PSD2 compliant. If you choose to migrate to CyberSource, you have two options:
- Hosted checkout. CyberSource’s hosted checkout is called Secure Acceptance. With this option, you can implement 3D Secure 2.0 quickly and easily. When your customers pay, they’ll automatically move through the new authentication process.
- API integration. With this option, you host and manage your own checkout page using CyberSource’s payment APIs. Since CyberSource isn’t hosting the payment authentication process, it’s your responsibility to implement or upgrade 3D Secure 2.0 in your payment integration.
Alternatively, you can migrate to other PSD2-compliant solutions:
- PayPal Business. This widely used payment solution says they will comply with PSD2 by the deadline.
- Stripe. This popular payment processor notes that they will comply with PSD2 as well.
Two Authorize.Net customers offer their opinions on the company’s apparent intention not to comply with PSD2. Anna Nazarenko of MightyCall says her company is weighing its options. “EU clients constitute a small fraction of our overall customer base, so we’re assessing the situation to understand whether a full change of gateway is necessary. We’re considering transferring our EU clients from card payments to PayPal, since it’s PSD2 compliant.”
Meanwhile, Tony Arevalo of CarSurance says, “I personally would continue using Authorize.Net if my customers were primarily based outside of Europe. For businesses that are based in Europe, however, I would suggest changing to PayPal or another payment solution that is more PSD2-ready.”
We created an in-depth guide on the topic to simplify things and help you understand PSD2’s regulations. It includes information on the first PSD, SCA, SCA exemptions, and what you can do to become compliant.