The European Union’s second payment services directive (PSD2) is the new security standard for all online transactions made by European cardholders.
Since the new regulation went into effect in September 2019, everyone in the payments industry — from banks and business merchants to credit card companies and payment processors — has implemented new safeguards that can authenticate and verify someone’s identity when an online purchase is made.
(If you’re at all unclear on PSD2, check out this post on the subject.)
In particular, e-commerce merchants must ensure that the payment services they use comply with PSD2’s strong customer authentication requirements by the end of 2020. If not, merchants must either deal with declined payments (and risk losing customers) or search for a new payment service that is PSD2 compliant.
Millions of merchants use Square for payment processing and are wondering whether Square is PSD2 compliant.
What does it mean to be PSD2 compliant?
In short, PSD2 compliance requires payment services to use strong customer authentication (SCA) for online payments, where a substantial amount of fraud occurs. You can learn more about SCA in this post. Basically, SCA is an authentication process that verifies the identity of the person making a purchase, which helps make online payments more secure.
A key component of the new regulation is a security protocol called 3D Secure 2.0, which is the best method of online verification and satisfies the PSD2 requirement for strong customer authentication. Any payment processor that can facilitate SCA through 3D Secure 2.0 is considered PSD2 compliant. (You can learn more about 3D Secure 2.0 in this post.)
Square’s PSD2 compliance
Square is PSD2 compliant
Just before PSD2 went into effect, Square officially announced that it will comply with the new directive and carry out strong customer authentication checks for online merchants when European cardholders make a purchase.
Updates to Square’s Payment Form and Connect V2 APIs enable this verification process, which provides Square with additional information about a cardholder making an online purchase, such as their name and billing address.
Square’s APIs automatically apply for any applicable SCA exceptions, including those for low-value or low-risk transactions.
Since this step occurs quickly and discreetly in the background after someone initiates an online transaction, merchants can comply with PSD2’s strong customer authentication requirements while still providing customers a frictionless online shopping experience.
If an exemption can’t be found for an online transaction, Square’s APIs will ask cardholders to verify their identity by completing a challenge that uses at least two of the three authentication points outlined in PSD2:
By using a combination of authentication points, rather than traditional passwords, to verify someone’s identity, Square is fulfilling its fraud-reduction obligations under PSD2.
Square has also indicated that it will incorporate more authentication methods, such as fingerprint and facial recognition, into its existing framework to reduce the burden on customers and increase sales for merchants.
In the meantime, if you’re wondering how you can become PSD2 compliant, check out this in-depth guide on the topic. It includes information on the first PSD, SCA, SCA exemptions, and efforts you can take to become compliant.