Is the European Hospitality Industry Ready for the Payment Services Directive 2?

Written by: Richard Sheinis, Esq.

Many of you are probably asking what is the “Payment Services Directive 2 (PSD2)”, before worrying about being ready for it!  PSD2 is a Directive from the European Parliament (Directive (EU) 2015/2366) intended to modernize Europe’s payment services for the benefit of consumers and business, and to facilitate innovation, competition, and efficiency in the EU online payments market.  While many elements of he PSD2 are already in effect, the migration to the core principle of Strong Consumer Authentication (“SCA”), was pushed back by the European Banking Authority to December 31, 2020.

SCA will require customers to provide two (2) out of a possible (3) independent identification factors to prove they are who they say they are, as part of a payment card transaction.  The three (3) possible identification factors are:

• Something only the customer owns, like a mobile phone
• Something only the customer knows, like a PIN
• Something that characterizes only the customer, such as a fingerprint

The standard industry protocol is 3D Secure (3DS), which allows for authentication processes such as fingerprints or facial recognition.  Some transactions will be exempt from SCA, such as low-value transactions of less than €30, or transactions that fit one of the nine (9) exemptions.

Banks and other payment services providers will have to put in place the necessary infrastructure for SCA, and merchants will have to be ready to operate in a SCA environment by the beginning of 2021.

(For a more complete review of PSD2 and what you will need to do to comply, contact Richard Sheinis, litigated in federal and state courts in areas of data privacy and security.