The EU’s second payment services directive (PSD2) has the entire payments industry busy trying to become compliant before the September 14, 2019, deadline. (If you’re not exactly sure what PSD2 is, check out our post on PSD2.)
Business owners are particularly keen on finding out whether the payment services they use are compliant. Otherwise, they face the challenge of either dealing with declined payments (and risking the possibility of driving customers away) or searching for a new payment service that’s PSD2 compliant.
One payment service widely used by business owners is PayPal. Is PayPal PSD2 compliant? Read on to find out.
What does it mean to be PSD2 compliant?
In a nutshell, PSD2 compliance for payment services means using strong customer authentication (SCA) for online transactions. SCA is an authentication process that verifies the identity of the person making a purchase in order to reduce fraud.
A payment service that can perform SCA through an authentication service like 3D Secure 2.0 is considered PSD2 compliant. (If you want to know more about 3D Secure 2.0, check out this post.)
Is PayPal PSD2 compliant?
PayPal notes that it will be PSD2 compliant by the deadline. However, as a business owner, you may have to take extra steps to ensure your PayPal payment process is compliant.
What do merchants using PayPal need to do?
The answer to this question depends on your integration with PayPal. As an online merchant, you likely fall into one of three situations:
- You use PayPal Standard.
- You use PayPal Pro (hosted by PayPal).
- You use PayPal Pro (not hosted by PayPal).
Keep reading to see what each situation requires for PSD2 compliance.
PSD2 compliance with PayPal Standard or PayPal-hosted PayPal Pro
If you’re using PayPal Standard or a form of PayPal Pro where the payment process is hosted by PayPal, you’re in the clear. In this scenario, when customers are ready to pay, they’re automatically directed to PayPal from your website. Compliance is out of your hands at that point, and PayPal is responsible for ensuring the payment process is PSD2 compliant.
PSD2 compliance with PayPal Pro direct
If you’re using a version of PayPal Pro that isn’t hosted by PayPal, you’re responsible for ensuring compliance. In this scenario, customers send their card payment information to you directly, which means you must authenticate them.
You’ll need to update your PayPal payment integration to abide by the card issuer’s (Visa, American Express, etc.) requirements for meeting the PSD2 mandate. PayPal recommends you integrate 3D Secure 2.0 into your checkout process so that you can authenticate customers and meet PSD2’s SCA requirements. PayPal has partnered with Visa’s CardinalCommerce to enable 3D Secure 2.0 authentication through its merchant plug-in integration.
Not complying with PSD2 could have a major impact on your business, as Tony Arevalo of Carsurance explains: “I would definitely stop using PayPal, or any payment service, if it didn’t comply with the new directive. PSD2 applies only to Europe (including the U.K.), but when you run a business that serves customers all around the world, compliance is critical to avoid losing them.”
PSD2 is a complex topic regardless of the part you play in the payment space. To help clear things up, we created an in-depth guide on PSD2, including information on the first PSD, SCA, SCA exemptions, and how you can become compliant.