Preparing for New Ecommerce Legislation – PSD2

PSD2 might sound like the name of a droid from the forthcoming “Star Wars” movie, but for anyone who shops on-line, PSD2 is going to become very significant. New legislation is coming into force across the whole of the European Union, part of a global roll-out of new rules to help protect consumers who make electronic payments either through a website such as Everything Dinosaur’s or via contactless payments or chip and PIN card machines. New, additional security authentications for ecommerce transactions are being introduced. These will help to protect consumers against fraud and these new rules come into force on Saturday, 14th September 2019.

Everything Dinosaur Working Towards PSD2 Compliance

Working towards compliance with PSD2 directive.
Everything Dinosaur team members working towards compliance with new consumer protection legislation (EU Payment Services Directive – PSD2). Picture credit: Everything Dinosaur.


Everything Dinosaur Providing Extra Security and Protection

If you sell on-line, then you need to prepare for this new legislation. Everything Dinosaur’s plans are well advanced; at the heart of our business is the belief in doing what is right for our customers. We already have very strong protections in place including 3-D Secure, but these new rules require strong customer authentication to help prevent the possibility of fraudulent transactions taking place.

Payment Services Directive 2 (PSD2) was introduced as a follow-up to earlier legislation. Its aim is to further increase consumer protection when it comes to making on-line transactions such as buying dinosaur models from Everything Dinosaur. In essence, it introduces the need for stronger consumer authentication, that is, confirming that the person using a credit/debit card to make a purchase is actually the person they say they are.

Strong Customer Authentication Provides Extra Protection and Security for On-line Shoppers

PSD2 legislation - helping to protect our customers.
PSD2 legislation may require shoppers to give additional authentication at checkout.  This is all about extra security and protection. Picture credit: Everything Dinosaur.


Visit the secure Everything Dinosaur website: The Everything Dinosaur Website.

Strong Customer Authentication (SCA)

Your payment journey through websites might look a little different after September 14th. By this date all ecommerce transactions must be processed via secure industry protocols such as 3-D Secure. Everything Dinosaur already operates this system. However, in addition, someone making a purchase from us may need to provide proof of their identity. Shoppers may need to give additional authentication at the checkout.

Everything Dinosaur team members are already working through the requirements to ensure compliance with the new regulations. A key component of these new rules is that ecommerce transactions will require (in most cases) additional authentication. Strong customer authentication requires at least two independent factors in the authentication process.

Here are the three types of factors for authentication:

  • Something you know (knowledge) such as a PIN or password.
  • Something you have (possession) such as a card, smartphone etc.
  • Something that you are (inherence) such as a fingerprint or your biometric identity.

Each electronic payment (there will be some exemptions) must be authenticated by at least two of these factors. This helps to protect you from fraud and it is known as two-factor authentication (2FA) or multi-factor authentication (MFA).

What Will Be Different?

At the moment, when making a purchase at Everything Dinosaur an authentication is performed as part of the card transaction process. You might get re-directed to your card provider’s website to validate the transaction under 3-D Secure protocols. If your card provider (bank) deems the transaction risk to be ‘high’, the cardholder will be required to prove their identity. From September 14th 2019, authentication will become the new default and cannot be bypassed (unless an exemption applies). Although authentication will be performed, it is expected that only 5% to 10% of authentications will result in the cardholder having to be re-directed to their bank’s 3-D Secure page to enter two-factor authentication (2FA and challenge authentication).

The majority of the authentication requests will result in a frictionless authentication, where the cardholder is not re-directed to their bank’s 3-D Secure page to enter 2FA. At Everything Dinosaur, our plans to accommodate this new legislation are already well advanced and our existing consumer protection measures ensure that we only need to make a few minor adjustments to our security systems.

Everything Dinosaur Taking Care of Customers

A spokesperson from Everything Dinosaur commented:

“We take the protection of our customers extremely seriously.  We are currently working on responsive payment pages that will enable our customers to make a payment even more safely and securely.  In addition, we are working with our commercial partners such as SagePay to make improvements and to ensure that strong customer authentication is delivered and maintained throughout the transaction process.”

Testing of these new systems and measures will take place over the next few weeks on Everything Dinosaur’s beta sites.  This will ensure that all is ready when the new legislation comes into force on September 14th.  Furthermore, the current 3-D Secure Implementation (3DSv1) will operate until the end of 2020, but new protections entitled 3DSv2 will come into force making 3-D security systems mandatory worldwide.  Everything Dinosaur is well placed to incorporate these changes into its already very secure systems.

To read an article about https security protocols: All Everything Dinosaur Websites Upgraded to “https”.