September 14, 2019, is the compliance deadline for the EU’s second payment services directive, PSD2. The payment industry is full of companies — including banks and business merchants — ensuring they have all the pieces in place by then. (If you’re at all unclear on PSD2, check out this post on the subject.)
E-commerce merchants are especially concerned about whether the payment services they use comply with the new directive. If not, merchants must either deal with declined payments (and risk losing customers) or search for a new payment service that is PSD2 compliant. Millions of merchants use Square for payment processing and are wondering whether Square is PSD2 compliant.
What does it mean to be PSD2 compliant?
In short, PSD2 compliance requires payment services to use strong customer authentication (SCA) for online payments, where a substantial amount of fraud occurs. You can learn more about SCA in this post. Basically, SCA is an authentication process that verifies the identity of the person making a purchase, which helps make online payments more secure.
A key component of the new regulation is a security protocol called 3D Secure 2.0, which is the best method of online verification and satisfies the PSD2 requirement for strong customer authentication. Any payment processor that can facilitate SCA through 3D Secure 2.0 is considered PSD2 compliant. (You can learn more about 3D Secure 2.0 in this post.)
Square’s PSD2 compliance
PSD2 compliance with Square is undetermined
As of July 2019, unlike other payment companies, Square has made no official declaration about whether it’s PSD2 compliant. Most payment processors, gateways, and facilitators have announced their plans for PSD2 by now, even if they don’t plan to abide by its regulations.
However, the fact that Square hasn’t made an announcement isn’t surprising. Square started in the U.S. in 2009 and didn’t even make its way into Europe until 2017, when it opened for business in the U.K. This TechCrunch article on Square’s European debut talks about Square’s focus on small and medium-sized businesses (SMBs) “that have yet to take card payments of any kind,” which represented about half of SMBs in the U.K. at that time.
Several other payment companies have made their way into Europe, including PayPal, SumUp, and iZettle. Given Square’s late-entrant status and unfamiliarity with Europe, especially in the wake of changes in the payment landscape from PSD2, it’s inconclusive whether Square will seek compliance.
But that’s only an educated guess. As the deadline for PSD2 draws nearer, many payment companies will be scrambling for compliance; Square might just be one of them.
In the meantime, if you’re wondering how you can become PSD2 compliant, check out this in-depth guide on the topic. It includes information on the first PSD, SCA, SCA exemptions, and efforts you can take to become compliant.