PSD2: 5 things you need to know
By Diana Hoffman, director, product marketing
The second Payment Services Directive (PSD2) was enacted 14 September 2019. We’re taking a close look at the new requirements and offering suggestions to travel managers and business travellers to help with the adoption of Strong Customer Authentication (SCA), a compliance standard for PSD2.
The goal of PSD2 is to standardise and improve e-commerce payment security in the European Economic Area (EEA). In a nutshell, the European Parliament is seeking to increase the safety of consumers who are paying online for goods and services. Although the primary focus of PSD2 is on financial institutions, there are also impacts for merchants and, most importantly, customers.
5 things to know about PSD2
What is Egencia doing to support the PSD2?
Egencia fully supports efforts to ensure increased safety for online purchases and we began preparing for PSD2 18 months ago. We’ve worked closely with financial regulators, card schemes (payment networks linked to credit and debit cards) and the various players in the payments ecosystem to ensure that we have plans in place to support the unique complexities of booking corporate travel online.
What can my travellers expect?
If you’re a business traveller in one of the impacted states who is booking on the Egencia platform, and you use a personal credit card issued by a European financial institution, you may be asked by your bank to validate your transaction using two-factor authentication at checkout. Part of SCA, two-factor authentication adds a second layer of security to protect online transactions by requiring two types of unique information from a purchaser to validate their purchase. Two-factor authentication is a requirement of PSD2 that banks must enforce. We’ve acknowledged this requirement by supporting banks’ workflows for this authentication in our checkout processes.
How can I ensure that my travellers are ready for SCA?
The good news is that most consumers are aware of SCA, even if they don’t know it by that name. It’s not unusual for individuals to be asked for two-factor authentication when accessing their banking records online, for example. There are generally three recognised types of authentication factors:
- Something that you know: This includes passwords, PINs or unique code words.
- Something that you have: Physical objects such as smart cards or token devices that produce a time-based PIN.
- Something that you are: This includes fingerprints, facial recognition, retina scans, iris scans and voice verification.
You can support your business travellers by making them aware that their bank may challenge their online transactions by using two-factor authentication. The two-factor authentication challenge will be visible when they see a pop-up screen when completing checkout, for example. An example of a challenge from a financial institution can be seen in the screenshot below.
Is whitelisting possible with Egencia?
Whitelisting is a process that allows a card holder to identify businesses that they trust. It’s one way that card holders can work with their financial institution to exempt transactions that may be subject to two-factor authentication. It’s important to understand that whitelisting is controlled by your financial institution and not Egencia. We encourage you to discuss this exemption option with your bank to determine if it’s the right choice for your travellers.
I’ve heard that PSD2 is being delayed. Do I still need to be ready?
SCA is a requirement that falls on the banking entities to enforce. Each EEA member has the discretion to — and some have chosen to — delay enforcement of the SCA requirements. This means that the ultimate decision of whether or not to require SCA falls on issuing banks within the EEA. We’ve worked closely with financial regulators, card schemes and the various players in the online payments ecosystem to ensure that our customers’ needs have been addressed and our solutions are SCA-compliant.
Providing the best customer experience from trip planning to safe return is important to us. As this new directive enters the market, our goal has been to ensure that we support PSD2 while also providing a smooth checkout process for our customers.
More information on PSD2 is available on the European Commission’s website.