Ready or not, PSD2 is here.
Are you prepared to collect online payments from customers, clients, vendors, or donors in Europe?
With the European Union’s revised Payment Services Directive — commonly known as PSD2 — banks across the continent must work hand in hand with payment processors to ensure that online transactions are legitimate and secure.
This could ultimately be a boon or a bane for merchants, retailers, and other businesses with customers in Europe.
That’s because banks can reject online purchases if merchants use third-party payment processors that don’t comply with PSD2’s strong customer authentication requirements.
Although the directive officially went into effect in September 2019, the European Banking Authority gave businesses until the end of 2020 to implement strong customer authentication safeguards for online transactions.
We kicked off the PSD2 compliance process in August 2019 by ensuring that our Stripe integration could use 3D Secure 2.0 to authenticate cardholder payment information submitted through a JotForm payment form.
Since then, we’ve been updating our payment processor integrations to make sure that businesses can collect money from cardholders in Europe through their JotForm payment forms.
Data shared with payment processors, such as a device’s geolocation information, the IP address, and a customer’s identification, is used to detect suspicious, abnormal, or fraudulent transactions.
With businesses and payment processors alike preparing for enforcement actions to begin at the start of 2021, we compiled a list of payment processors that comply with the law’s strong customer authentication mandates:
- PayPal Business
- Worldpay (UK)
- PayPal Invoicing
If you’re already using any of these payment integrations, the good news is that you can go about your business and keep collecting money from people who fill out your forms. To show you how the strong customer authentication process works in JotForm, we’ll walk you through it by using our payment processor integrations with Square and Braintree as examples.
Although the only European country where Square can accept credit card payments is the United Kingdom, the payment processor has vowed to comply with PSD2’s strong customer authentication requirements.
This is particularly important since PSD2 will be enforced in the United Kingdom, regardless of what happens with Brexit.
The Financial Conduct Authority, a key financial industry regulator in the U.K., has given e-commerce firms and merchants until September 2021 to fully comply with PSD2’s strong customer authentication safeguards.
This means enforcement actions will be delayed until after the extension deadline so long as merchants, payment service providers, and banks take steps to meet key mandates.
In the past, customers had to provide only their card number, the card’s expiration date, the security code on the card, and their postal code to make an online payment through Square.
But websites and mobile apps that collect credit card payments, such as JotForm, must now provide Square with additional information from a cardholder’s device. This data, in turn, is used to verify a person’s identity and authenticate online transactions.
Once cardholders submit your JotForm payment form, their credit card information and additional contextual data are sent to Square, which will work with banks to determine whether a purchase is legitimate.
If a cardholder’s bank gives the green light, the payment is authorized, and the checkout process is complete.
More questionable or suspicious transactions will prompt Square to pull up an identity verification challenge in a popup window.
Transactions are authenticated almost instantly for cardholders who successfully complete the verification challenge. If the information is inaccurate or a payment is rejected, form respondents will be asked to use another credit card and resubmit the Square payment form through JotForm.
As a division of PayPal, Braintree provides customizable mobile and web payment systems for online merchants and retailers in 39 European countries, including the United Kingdom.
Braintree, like PayPal, relies on 3D Secure 2.0 to comply with PSD2’s strong customer authentication mandates for credit card transactions made by European cardholders.
This means the checkout process for JotForm’s integrations with Braintree and PayPal will be very similar.
JotForm will automatically send your customer’s credit card information, along with data from their device, to Braintree once your payment form is submitted.
Braintree will then use 3D Secure 2.0 to analyze the data and verify the cardholder’s identity. 3D Secure 2.0 does this by comparing the data against information on file with the user’s bank and credit card issuer.
If all the information matches up, the transaction is authenticated almost instantaneously, and the checkout process is complete.
If a transaction is flagged as unusual or suspicious, cardholders will be asked to provide additional information in a popup window that’s similar to the one pictured below.
Answers to the challenge will be compared against information that banks and credit card companies either supply or have on file to verify a person’s identity. If a person’s submitted answers to the challenge are correct, their transaction will be authenticated, and their JotForm payment form will be submitted to you.
If answers to the challenge don’t match up with information on file, form respondents will be asked to re-enter their payment information or select another credit card to complete their transaction.
There are a lot of questions about how to be PSD2 compliant, but what’s certain is that anyone who conducts business online and has customers in Europe must start taking steps to comply with the new regulation.
We at JotForm have been working behind the scenes to ensure the PSD2 compliance process is seamless so you can keep calm and carry on.
But our work isn’t over just yet.
We’ll continue to update our integrations with other popular payment processors in Europe so retailers, merchants, and businesses can continue to collect online payments without worrying about banks declining transactions.
If you haven’t done so already, try out one of our payment forms today and see how easy it is to take the dread out of PSD2 compliance.