-

PSD2 FAQs

Following the introduction of the second Payment Services Directive (PSD2), there are changes in the way clients validate their online payments. This is referred to as ‘Strong Customer Authentication’ (in short SCA) which is a concept that aims to meet the needs of clients without lowering security standards. Read on to discover answers to some of the frequently asked questions regarding PSD2 and SCA.

  • The Payment Services Directive 2 (or PSD2 for short) is a piece of European Union (EU) legislation that came into force on 13th January 2018. It aims to make banking safer, more transparent and more innovative.

    This new legislation is being introduced to protect individuals and businesses when they transact online. It also satisfies the need consumers now have for a better, more frictionless online payment journey.

  • Yes, it will. PSD2 has already been adopted in the UK as Payment Services Regulations 2017, so whatever future relationship the UK has with the EU, this regulation will still be in force.

  • One of the new safeguards is called Strong Customer Authentication (or SCA for short). This provides extra protection against fraud when transacting online. Simply put, it asks for two checks when you make purchases over the internet or when you need to access your account online.

  • PSD2 is an industry-wide directive, which all banks are obliged to follow. 

    Our aim is to achieve a balance between managing risks and maintaining the speed and convenience that transacting online provides – and customers now expect.

  • Since 2012, ecommerce fraud in the UK has doubled*. So new legislation is being introduced to make transacting online safer and more secure.

    That’s where SCA comes in. Put simply, SCA will require an individual to use an additional authentication step to verify online payments or to login to their accounts online. This new step is an addition to the current single authentication layer in place today. It means that online payments and account access will be more secure than just using a single element, such as a simple password authentication.

    *https://www.nao.org.uk/wp-content/uploads/2017/06/Online-Fraud.pdf

  • No, you can’t. This is because SCA is part of new Europe-wide legislation (the revised Payment Services Directive, or PSD2). The new regulations will apply to all payments in Europe, not just those processed by Barclays.

  • When transacting or accessing your account online, SCA will require use of two of the following three sources of validation:

    • Something you know - e.g. a password or a PIN
    • Something you have - e.g. a phone or a card 
    • Something you are - e.g. a fingerprint or face recognition

    For example, when paying online, you could use a PIN (something you know) and your card (something you have) along with card reader to authenticate your payment.

  • 2FA (it stands for two-factor authentication) is the method used to ensure Strong Customer Authentication as explained above.

  • No, not every transaction. Barclays will be able to apply a number of exemptions – based, for example, on the size of the transaction or the potential for fraud. These will be applied automatically, without the cardholder having to do anything.

  • In many instances, people buying online won’t notice any difference. On those occasions when it’s required, SCA should only add a few seconds to the checkout time – a small price to pay for the increased safety and security.

  • Yes, at times they will. You will still be able to make contactless transactions, however you may be asked to enter your PIN more frequently. This is an additional security measure to help better protect against fraudulent payments.

  • The PINsentry card reader will play an important role in helping you to authenticate online, if needed. Upon receipt keep it safe for when it’s needed.

  • Please contact your dedicated servicing team who will be able to order a PINsentry device for you.

Read related insights

Insight

PSD2

The revised Payment Services Directive PSD2 came into effect in 2018, the implications of which have been wide reaching for both, banks and corporates alike.