

Bambora Checkout
Our Solutions
Regardless of how your customer's pay or how your online store works, Bambora Checkout is the only payment solution you need.
Fill in the form and we will contact you shortly.
Thank you!
The form is sent and we will contact you shortly
The EU’s new payment service directive, PSD2, did not create much of a stir when it was introduced in May of last year. But soon the new law will start to affect our everyday life and online merchants who don’t fulfill the new security requirements after December 31st could pay a steep price. Here is everything you need to know about the new law and how it affects you as an online merchant.
The idea behind the new directive is partly to protect consumers from fraud, but also to promote innovation in payments and financial services. To spur innovation, PSD2 has taken away the bank’s monopoly over their customer’s account information and bank customers are now free to give third party suppliers access to their account details and let them initiate payments directly from their account.
In this way, PSD2 is giving consumers full control over their own account information and banks are forced to give any third party supplier, who fulfills the legal requirements, access to their platforms through APIs.
This new system, often referred to as Open Banking, is still in its early stages and most observers expect that the intended “boom” of new payment and account information services is still a few years away. Already this September, however, we will see a more tangible effect of the new directive.
In order to prevent fraud, PSD2 contains new security regulations for digital payments that come into effect on December 31st. At the heart of these regulations are what is called strong customer authentication (SCA) and secure communication.
The demands for secure communication primarily effect the underlying payment infrastructure and won’t be visible for the average merchant or consumer. The demands for strong customer authentication will, on the other hand, effect online merchants and consumers in a more direct way.
On a practical level, strong customer authentication means that customers have to identify themselves by using at least two of the following three factors when making any digital payment or logging into their bank accounts.
This means that consumers, in practice, will no longer be able to make a card payment online by using only the information on their cards. Instead they will have to, for example, verify their identity on a bank app that is connected to their phone and requires a password or fingerprint to approve the purchase.
There are, however, some transactions to which the SCA rules won’t apply. Orders placed through email and over the telephone are not subject to SCA rules as well as merchant initiated transactions (MIT). An MIT is a transaction initiated by the merchant instead of the cardholder, for example when a hotel stores card information and charges the guest for their mini-bar expenses after they have checked out.
Exemptions from SCA
To make things easier for both merchants and consumers, PSD2 allows for some exemptions from strong customer authentication. What’s important to note is that all transactions that qualify for an exemption won’t be automatically exempted. In the case of card transactions, for example, it’s the card issuing bank that decides if an exemption is approved or not. So, even if a transaction qualifies for an exemption the customer might still have to make a strong customer authentication, if the card issuing bank chooses to demand it.
On December 31st, these rules will come into effect for all digital payments in Europe. Right now, banks, payment service providers and card networks are all working on technical solutions that will comply with the requirements for PSD2. To accept payments after September 14th you will have to make sure that these technical solutions will work with your online store.
Accepting payments from the world’s largest card networks, Visa and Mastercard, will require that you have implemented the security solution 3D Secure for your online store. 3D Secure has been used since 2001 to improve the security for online card transaction but now a new version has been developed that can also deal with the exemptions in PSD2.
Bambora have previously recommended all our customers to use 3D Secure, since it helps prevent fraud and also protects the merchant from liability in case of any fraud. From September 14th it will also be a requirement for accepting payments from Mastercard and Visa cards. For you as a merchant it is therefore important to make sure that your payment service provider has implemented for 3D Secure.
For customers that are using Bambora’s solution for online payments, Bambora Checkout, Bambora Online and Payform, this adjustment will be completely seamless. Before December 31st, we will implement 3D Secure for all our online merchants, allowing them to continue accepting card payments.
Regardless of how your customer's pay or how your online store works, Bambora Checkout is the only payment solution you need.
If you accept card payments, you've probably heard of the PCI Data Security Standard. In this article, we'll give you the breakdown of PCI and explain what it means to your company.