What is PSD2 and how does it affect you?
What is the new European Payment Directive?
As many of you already know, the new European payment directive (PSD2) was enacted on September 14 2018th, whose main objective is to improve security, reduce fraud and streamline transactions carried out over the Internet.
This directive allows access to the data and systems of financial institutions to third parties (also called TTPs, such as Stripe) and thus be able to access the user’s account and make payments on your behalf, previously authorized through reinforced authentication (SCA).
How does PSD2 affect you?
To protect you against online fraud, banks have implemented Strong Authentication (SCA). For this, it will be mandatory to verify your identity each time you make an online payment through at least two of these three factors:
- Something that the user KNOWS (password, PIN).
- Something the user HAS (phone, a piece of hardware).
- Something that the user IS (fingerprint, facial recognition).
This verification was already carried out in some transaction processes, but now it will be mandatory in all online payments, with certain exceptions.
How does it affect Foxize Cloud?
In the case of Foxize Cloud, being a subscription LMS platform, it requires a recurring payment. So far, we have managed user subscriptions through the payment provider Stripe. As we have commented previously, Stripe is a Third Party Payment Service Provider (TPPs) and it already has all the necessary measures to comply with PSD2 incorporated.
Among its functions, Stripe determines if strong authentication is necessary, creating exceptions so that it is only necessary to verify once in, for example, recurring payments (subscriptions). Without exception, the user should validate the payment each time the monthly transaction is made. Thanks to this exception, the purchase flow will remain the same: Start the payment, perform the authentication and complete the payment only once.
How does it work? Stripe offers real-time risk analysis through machine learning to detect the patterns of each bank, recurring errors and find solutions without the need to go to the user. Despite these measures, there may be occasions where the bank rejects the payment due to lack of verification.
In Foxize Cloud we are prepared and a notification will be sent to the user in case of failure, and we will enable a page for them to give their authorization and continue operating with the training platform.