Ready for PSD2? Here’s what you need to know now

Ready or not, PSD2 is here.

Are you prepared to collect online payments from customers, clients, vendors, or donors in Europe?

Now that the European Union’s revised Payment Services Directive — commonly known as PSD2 — has gone into effect, banks across the continent must work hand in hand with payment processors to ensure that online transactions are legitimate and secure.

This could ultimately be a boon or a bane for merchants, retailers, and other businesses with customers in Europe.

That’s because banks can reject online purchases if merchants use third-party payment processors that don’t comply with PSD2’s strong customer authentication requirements.

For the past few weeks, we’ve been updating our integrations with payment processors to ensure that businesses can collect money from cardholders in Europe through their JotForm payment forms.

We kicked off the PSD2 compliance process last month by ensuring that our Stripe integration could use 3D Secure 2.0 to authenticate a cardholder’s payment information after a JotForm form has been filled out and submitted.

Data shared with payment processors, such as a device’s geolocation information, IP address, and identification, is used to detect suspicious, abnormal, or fraudulent transactions.

With PSD2 now in effect, we’re adding Square, PayPal Payments Pro, and Braintree, a division of PayPal, to the growing list of JotForm payment integrations that comply with the requirement’s strong customer authentication mandates.

If you’re already using any of these four payment integrations, the good news is that you can go about your business and keep collecting money from people who fill out your forms.


Although the only European country where Square can accept credit card payments is the United Kingdom, the payment processor has vowed to comply with PSD2’s strong customer authentication requirements.

This is particularly important since PSD2 will be enforced in the United Kingdom, regardless of what happens with Brexit.

The Financial Conduct Authority, a key finance industry regulator in the U.K., has given credit card companies, merchants, payment service providers, and banks until March 2021 to fully comply with PSD2’s strong customer authentication safeguards.

This means enforcement actions will be delayed until after the extension deadline so long as merchants, payment service providers, and banks take steps to meet key mandates that will be phased in over time.

In the past, customers had to provide only their card number, the card’s expiration date, the security code on the card, and their postal code to make an online payment through Square.

But websites and mobile apps that collect credit card payments, such as JotForm, must now provide Square with additional information from a cardholder’s device. This data, in turn, is used to verify a person’s identity and authenticate online transactions.

Once cardholders submit your JotForm payment form, their credit card information and more contextual data is sent to Square, which will work with banks to determine whether a purchase is legitimate.

If a cardholder’s bank gives the green light, the payment is authorized, and the checkout process is complete.

More questionable or suspicious transactions will prompt Square to pull up an identity verification challenge in a popup window.

Transactions are authenticated almost instantly for cardholders who successfully complete the verification challenge. If the information is inaccurate or a payment is rejected, form respondents will be asked to use another credit card and resubmit the Square payment form through JotForm.

PayPal Payments Pro

With customers in 50 countries throughout Europe, PayPal is popular among retailers, merchants, and businesses that collect money online.

In response to PSD2’s new mandates, PayPal is using 3D Secure 2.0 to authenticate credit card purchases made by European cardholders on any of its payment processing solutions, including PayPal Payments Pro, which is only available in one European country, the United Kingdom.

PayPal Payments Pro allows businesses to host the entire checkout process on their website, as well as customize the look and feel of it. This prevents customers from being redirected to PayPal’s website to complete their online transactions.

Once a user fills out your form, provides their payment details, and submits the form, JotForm will automatically send that information and some additional data from the user’s device to PayPal.

PayPal will then use 3D Secure 2.0 to analyze the data provided by JotForm, verify the cardholder’s identity, and authenticate the purchase through the user’s bank.

If a person’s identity can be verified quickly, the transaction is authenticated by the cardholder’s bank, and the checkout process is complete.

Transactions that can’t be verified with the information on hand will require cardholders to provide additional security information, such as a one-time code, password, or fingerprint scan on a mobile device. This identity challenge will appear in a popup window that’s similar to the one pictured below.

If cardholders provide correct answers to the challenge, their transactions should be authenticated quickly.

Once the checkout process is complete, JotForm will send a cardholder’s completed payment form to you. This information will be stored in your JotForm account and sent to the email address that’s tied to it.

If a cardholder’s bank doesn’t support 3D Secure 2.0, PayPal will use 3D Secure 1.0 to authenticate a transaction.


As a division of PayPal, Braintree provides customizable mobile and web payment systems for online merchants and retailers in 39 European countries, including the United Kingdom.

Braintree, like PayPal, relies on 3D Secure 2.0 to comply with PSD2’s strong customer authentication mandates for credit card transactions made by European cardholders.

This means the checkout process for JotForm’s integrations with Braintree and PayPal will be very similar.

JotForm will automatically send your customer’s credit card information, along with data from their device, to Braintree once your payment form is submitted.

Braintree will then use 3D Secure 2.0 to analyze the data and verify the cardholder’s identity. 3D Secure 2.0 does this by comparing the data against information on file with the user’s bank and credit card issuer.

If all the information matches up, the transaction is authenticated almost instantaneously, and the checkout process is complete.

If a transaction is flagged as unusual or suspicious, cardholders will be asked to provide additional information in a popup window that’s similar to the one pictured below.

Answers to the challenge will be compared against information that banks and credit card companies either supply or have on file to verify a person’s identity. If a person’s submitted answers to the challenge are correct, their transaction will be authenticated, and their JotForm payment form will be submitted to you.

If answers to the challenge don’t match up with information on file, form respondents will be asked to re-enter their payment information or select another credit card to complete their transaction.


There are a lot of questions about how to be PSD2 compliant, but what’s certain is that anyone who conducts business online and has customers in Europe must start taking steps to comply with the new regulation.

We at JotForm have been working behind the scenes to ensure the PSD2 compliance process is seamless so you can keep calm and carry on.

But our work isn’t over just yet.

We’ll continue to update our integrations with other popular payment processors in Europe so retailers, merchants, and businesses can continue to collect online payments without worrying about banks declining transactions.

If you haven’t done so already, try out one of our payment forms today and see how easy it is to take the dread out of PSD2 compliance.

This article is originally published on Sep 16, 2019, and updated on Feb 25, 2020
Darin is a content writer at JotForm. He is passionate about disrupting perceptions, solving problems, and helping people be more productive with the easiest online form builder. Outside of the office, he is a rush-hour straphanger, adventure seeker, coffee drinker, and frequent traveler. You can contact Darin through his contact form.

Send Comment:

JotForm Avatar


Podo CommentBe the first to comment.