With more people shopping and making payments online, banking regulators in the European Union believe that enhanced identity verification mandates for banks, payment processors, and merchants can reduce fraud without stifling innovation for fintech companies.
This mandate — known as the revised payment services directive (PSD2) — officially went into effect in September 2019 but wasn’t enforced until the beginning of 2021.
Business owners in particular want to know whether the payment services they use comply with the new directive. If not, they must either deal with declined payments or search for a new payment service that is PSD2 compliant.
One payment service widely used by business owners is Stripe, but is Stripe PSD2 compliant?
What does it mean to be PSD2 compliant?
PSD2-compliant payment services implement strong customer authentication (SCA) for online payments, where fraud is substantially more prevalent than with in-person transactions. Basically, SCA is an authentication process meant to verify the identity of the person making a purchase. Thus, the main purpose of SCA is to reduce fraud.
To be considered PSD2 compliant, a payment service must be able to facilitate SCA by utilizing a technical protocol called 3D Secure 2.0 as part of their processing service.
Is Stripe PSD2 compliant?
Stripe has successfully taken a great deal of effort to comply with PSD2, creating new products and reworking current products to facilitate SCA. Linda Scott of Silicon Dales in the U.K. uses Stripe and isn’t surprised that the payment processor is in compliance. “We have found Stripe to be proactive and open around legislative changes.”
PSD2 compliance through Payment Intents
Stripe’s new API, Payment Intents, enables you to create dynamic payment flows. Payment Intents uses Stripe’s SCA logic to apply appropriate exemptions, if applicable, and trigger 3D Secure 2.0 for appropriate authorization situations.
Because several of Stripe’s products — including Checkout, Stripe Billing, and Terminal — use Payment Intents as a foundation, they are PSD2 compliant as well. Stripe has announced that this API will be the foundation for all of its payment collection products in the future.
PSD2 compliance through Stripe Connect
Stripe Connect is another PSD2-compliant solution. Connect is particularly interesting for e-commerce marketplaces because, with it, Stripe takes on the regulatory burden of payments instead of leaving this burden on the platforms that use its services.
Stripe already has an e-money license, which allows the company to process payments, issue e-money, and handle electronic money wallets in the EU. Unlike a banking license, the e-money license doesn’t allow services like deposit accounts, loans, or mortgages. This license enables Stripe, rather than their customers, to carry the burden of PSD2 compliance.
With Stripe Connect, customers never possess or control funds during the payment flow. Instead, Stripe contracts with the platform and the sellers that use the platform, settling payments to the seller and charging the platform applicable fees for handling the payment process. The platform never possesses or controls any funds a buyer owes to a seller. Thus, Stripe Connect users aren’t required to obtain a payments license, seek exemptions, or take extra strides to comply with PSD2 regulations regarding payments.
You can learn more about Stripe Connect, its compliance with PSD2, and other features it offers in Stripe’s guide on PSD2.
PSD2 can be a difficult topic to grasp, regardless of your role in the payment industry. To help clear things up, we created an in-depth guide on PSD2, including information on the first PSD, SCA, SCA exemptions, and how you as a merchant can become compliant.