- What is PSD 2?
- What are the major changes?
  - Strong authentication
  - Frictionless authentication
  - The authentication mode’s selection
- How can I update my shop for September 14th?
  - Your shop is based on PrestaShop, WooCommerce or Magento
  - Your shop is based on another CMS
  - You have developed your shop using the PayPlug API
  - You are using an online ecommerce platform
- What are the risks if your shop isn’t compliant on September 14th?
What is PSD 2?
Adopted on July 24th 2013, the new version of the Payment Services Directive (PSD) aims principally to ease online payments between merchants and the buyer’s bank, and to increase the security of online transactions.
This new directive will be implemented on September 14th 2019. PayPlug is directly affected by the increase in controls on transactions and by the implementation of a new version of 3-D Secure (3-D Secure v2.0).
What are the major changes?
The main change concerns how the payer’s authentication is managed. Currently, when 3-D Secure is triggered, the customer is redirected to a window hosted by their bank to enter a 6-digit code received by SMS. Whether 3-D Secure is triggered depends on the features made available: applying it above a set amount, or in a smart way through a tool such as Smart 3-D Secure.
On September 14th, under 3-D Secure 2.0, authentication changes and will go through two different modes: strong authentication and frictionless authentication.
Strong authentication
The aim of strong authentication is to strengthen payment security by relying on at least two of the following factors:
- Something the customer knows (knowledge): for example a password
- Something the customer possesses (possession): a phone, a computer
- Something the customer is (inherence): fingerprint, face recognition
Your customer’s bank is the one that decides, on the customer’s behalf, which authentication factors apply and which solutions it prefers.
Banks should start communicating to their customers this summer about their authentication methods and the solutions they will favour.
Frictionless authentication
With this method, your customer won’t be subjected to 3-D Secure 2.0. This simplified process is made possible by better communication between the actors in the payment processing chain. PSD2 provides a list of information that must be transmitted with each payment. For example, the delivery and billing addresses must now be provided for each transaction.
The authentication mode’s selection
During payment processing, 3 actors are involved in triggering the authentication mode:
- PayPlug: your payment solution
- The acquirer: the bank which is « requesting » the transaction for you
- The issuing bank: the bank used by your customer
When a customer comes to your shop to make a payment, PayPlug requests strong or frictionless authentication, the acquirer validates (or not) that choice, and the issuing bank is the final decision-maker, accepting or rejecting the preference initially expressed.
Depending on the bank’s answer, your customer will go through strong or frictionless authentication.
The goal of PSD2 is to keep payments fluid in spite of the increase in authentication. To that end, several exemptions are set up:
- Low-risk payments: strong authentication isn’t required when the payment solution has an effective risk analysis system and the acquirer’s fraud rate is low
- Payments under 30€: amounts under 30€ are not subject to strong authentication. However, it is still required every 5 payments (even under 30€) and when the combined total is over 100€.
- Payments initiated by the merchant (recurring or installment payments): recurring or installment payments with a fixed amount are not affected (once the first payment has been made) because they are considered as being « initiated by the merchant »
- Corporate payments: payments made through dedicated corporate channels, for example business travel centers
- Outside the euro zone: the transaction, the merchant or the customer is located outside the euro zone
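As an added illustration (not PayPlug’s code), the under-30€ exemption listed above can be modelled as two counters per card that reset at each strong authentication. The function names, the use of integer cents and the reading that five exempt payments may pass before the next one needs strong authentication are assumptions; the issuing bank keeps the final decision.

```python
from dataclasses import dataclass

# Thresholds from the exemption list above, in euro cents to avoid float rounding.
LOW_VALUE_LIMIT = 3000     # payments under 30 EUR may skip strong authentication
MAX_EXEMPT_PAYMENTS = 5    # assumption: 5 exempt payments, then the next is strong
MAX_EXEMPT_TOTAL = 10000   # combined exempt total may not go over 100 EUR


@dataclass
class CardCounters:
    """Exempt low-value payments on one card since its last strong authentication."""
    count: int = 0
    total: int = 0


def requested_mode(amount: int, counters: CardCounters) -> str:
    """Return the authentication mode to request for a payment of `amount` cents."""
    if amount >= LOW_VALUE_LIMIT:
        return "strong"                       # not a low-value payment
    if counters.count >= MAX_EXEMPT_PAYMENTS:
        return "strong"                       # periodic re-authentication
    if counters.total + amount > MAX_EXEMPT_TOTAL:
        return "strong"                       # combined total would pass 100 EUR
    return "frictionless"


def record(amount: int, applied_mode: str, counters: CardCounters) -> None:
    """Update the counters with the mode that was finally applied."""
    if applied_mode == "strong":
        counters.count, counters.total = 0, 0  # strong authentication resets both
    else:
        counters.count += 1
        counters.total += amount


def simulate(amounts):
    """Replay constructed payments on one card, assuming each request is accepted."""
    counters, modes = CardCounters(), []
    for amount in amounts:
        mode = requested_mode(amount, counters)
        record(amount, mode, counters)
        modes.append(mode)
    return modes


if __name__ == "__main__":
    # Constructed sample: seven 10 EUR payments, then four 29 EUR payments on a new card.
    print(simulate([1000] * 7))
    print(simulate([2900] * 4))
```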
How can I update my shop for September 14th?
The PayPlug keyword being Simple, our expert team has been working on the topic for months. We are looking for the simplest possible solutions to help you in this transition. The complexity will vary according to the type of shop you are using.
Your shop is based on PrestaShop, WooCommerce or Magento
PayPlug has plugins for PrestaShop, WooCommerce and Magento. Those plugins will progressively be updated so that you can make your online shop compliant in a few clicks. Emails will be sent progressively from the beginning of July. In the meantime, you can make sure you are using the plugins provided by PayPlug:
- PrestaShop:
  - Latest plugin version
  - How to install the plugins for versions 1.4 to 1.6 and for version 1.7
- Magento:
  - Latest plugin version: Magento 1 and Magento 2
  - More information on the plugin
- WooCommerce:
  - Latest plugin version
  - How to install the plugin
Only the versions listed above will be supported by our team. If you are using other plugins, we advise you to contact their creator directly.
Your shop is based on another CMS
In recent years, various developers have published their own plugins to make our service available on other platforms (OpenCart, Drupal…): https://www.payplug.com/fr/nos-modules. On our side, we are trying to contact them to ask them to update their plugins.
If this is your case, don’t hesitate to contact the owners of these plugins to ask what they plan to do.
You have developed your shop using the PayPlug API
If you are using our latest API version (https://docs.payplug.com/api/), the documentation will be updated in the following weeks, and you will only have to add more information when creating a payment, including, as indicated previously, the billing and delivery addresses.
If you are still using our old API version (https://payplug-php.readthedocs.io/en/v1.1.2/), we strongly recommend that you upgrade to the new version, because the old one won’t be updated. Furthermore, within the next months we will begin to announce the end of life of this integration method.
You are using an online ecommerce platform
No worries: our partnerships team is currently contacting all the platforms we work with so that they integrate the right information. Everything should be ready for September 14th.
What are the risks if your shop isn’t compliant on September 14th?
All the banks are still working on the PSD2 implementation, so it is still difficult to get an exact idea of what will happen if your shop isn’t compliant. On our side, we have identified 2 important risks:
- If the shop is not updated, payments should keep working normally; however, authentication is very likely to be systematic for every payment.
- If the card-issuing bank isn’t compliant with PSD2, payments should keep working normally. For a payment under 3-D Secure, strong authentication should not be necessary. In addition, the old system should keep working.
Some uncertainties remain, though, which is why we recommend that you update your shop as soon as the plugin is available, in order to avoid any inconvenience from September 14th on.