Guide to PSD2

Strong Customer Authentication:
Be ready with ScreenWiZeTM


“PSD2 aims to make payments safer, increase consumers’ protection, foster innovation and competition while ensuring a level playing field for all actors, including new ones which were not regulated by the first version of the Payment Services Directive.”
European Payments Council (2018)

Learn more

Strong Customer Authentication (SCA): Be ready with ScreenWiZeTM

PSD2 is independent of 3DS 2.0. While PSD2 is a pure European Regulation that applies for EU-based customers and merchants, 3DS 2.0 is the evolution of 3DS applied globally to improve online shopping security. Hence, we are talking about PSD2 and not about 3DS 2.0 in this section.


Strong Customer Authentication under PSD2

Strong Customer Authentication (SCA) is at the core and most visible change for consumers that will be introduced by PSD2 during 2019. The principle of SCA is to ensure customer protection via an increased level of security of electronic payments. In short, SCA requires a customer (individuals and corporates) in future to provide two of the following:

1. Knowledge: Something only the user knows such as PIN, password, etc.
2. Possession: Something only the user possesses such as card, mobile phone, security key, etc.
3. Inherence: Something the user is such as biometric features or behavioural biometric (fingerprint, face recognition, spending patterns, behavioural patterns, etc.)
when doing any of the following online activities:

1. Online banking: Access to a payment account including aggregated views
2. Electronic payment of any sort
3. Any action carried out through a remote channel that may imply a risk of payment fraud or abuse

Learn more

As always, there are exemptions to the process and it is important to note that the issuers will be required to put in place the measures of authentication of their choice. It is not the merchants’ responsibility to incorporate this.


(Source: Barclaycard)



— Remote transactions up-to €30.00, but only €100.00 per day or 5 consecutive payments

— Contactless card payments up-to €50.00, but only €150.00 per day or 5 contactless consecutive payments

— Unattended payment terminals for transport fares and parking fees

— Online transactions towards a trusted beneficiary

— Corporate payments if dedicated payment processes and protocols are used

— Online payment account access for up-to 90 days after SCA has been done

— When fraud and chargeback rates observed but the payment service are lower than the pre-set reference fraud and chargeback rates

— Transactions in case the PSP has a real-time transaction monitoring system that monitors at a minimum the following:

  •   – Previous spending pattern
  •   – Transaction history of payer and payee
  •   – Location of payer and payee at the time of the transaction


Who is liable if SCA is not in place?

PSD2 foresees that the payer can claim full reimbursement from their PSP in case of an unauthorised payment if there was no SCA measure in place and if the payer did not act fraudulently.

Learn more

Talk to us

ScreenWiZeTM enables your business to conform with PSD2, and when combined with GoFrictionless it is able to get exemption of SCA making merchants more profitable and offer frictionless customer journeys.

Copy link
Powered by Social Snap