Payment gateways: Why PSD2 could be the biggest change to the eCommerce sector in a decade
by David Dwyer on 21/10/2019 84 Reads
Sometime in the late 1990s one of the world’s most important economic innovations was rolled out, the payment gateway. As you’ll know – whether you’re an online retail merchant, a bank, a payment gateway provider or a retail addict (or moderately restrained remote/anonymous purchase enthusiast) – this heralded the launch of one of history’s most incredible commercial success stories, eCommerce.
Being a part of this sector is still something that fills me with pride because in almost every year since its inception it has achieved double-figure growth, quickly outstripping High-Street sales, gobbling up Ad Revenue, shifting cash-based retail to card transactions, creating jobs for many and becoming a significant and vital contribution to the GDP of many countries around the world.
There are few other sectors that have so rapidly evolved to so greatly impact all of our lives. But could this all now be in jeopardy and why are both the platforms and online retailers so worried about PSD2?
A $3 trillion sector on the brink of change
First, there was the world wide web, and shortly after that maverick retailers recognised the potential of this new marketing tool. However, in the beginning, there was a problem with confidence, mainly on the customer’s side because who were these faceless online retailers, would they take my money and run, and even if they were legitimate could someone just steal my credit card details and go on a spending spree?
Secure payment gateways and a social acceptance of eCommerce saw a sector worth just a few billion dollars 20-years ago grow into a worldwide phenomenon worth around $3.53 trillion in sales today.
While the problem with confidence in online retailing may have faded, the problem with cybercriminals has grown. Over the decades they have been getting ever more sophisticated at finding ways to defraud the digital retailer and today over £300m a year is lost to fraud in the UK alone.
In an attempt to counter this rising challenge for the industry, and to further deepen protection for consumers, the EU has launched PSD2. Have you heard of it? Are your chosen platforms ready? Are you ready? And importantly how will your clients (the online retailers) respond when their customers either cannot or will not transact?
Why has PSD2 got the platforms scared?
I’m sure you’ll know already, but just in case there are one or two of you who don’t, PSD2 stands for the second iteration of the Payment Services Directive, the European Union legislation that looks to enforce a set of rules to create a safer, more secure digital environment for retailers and customers alike.
The most critical element of PSD2 for the eCommerce sector is Strong Customer Authentication (SCA), the legislation’s requirement on banks to only accept payments from payment gateways that have gathered at least 2 out of 3 forms of ID from a purchaser in a merchant’s checkout process. Much like GDPR we’ve already seen a delay in the enforcement of the PSD2 legislation (the legislation is now in place).
The regulations provide examples of the ‘acceptable’ forms of ID that a customer can provide to prove that they are who they say they are in order to minimise the chance of fraud taking place. It could be a biometric password via fingerprint or face recognition, or a pin number and a push notification to their smartphone, or two of a number of options that fall under three general categories: –
The practical issues this creates for you as a payment gateway and your merchant clients are:
Ignore this problem at your peril
Yes, this is EU legislation, but no Brexit will not save us from it. All indications are that the UK will continue to abide by the PSD2 legislation whether we leave the EU or not, so please do not sit back and think that Brexit will solve the problem for you, it won’t.
The practical reality is that as banks across the EEA (European Economic Area) adapt to the new norm and adopt PSD2 requirements, your clients (online retailers), at least the ones that have ignored the problem, will start to see more and more of their transactions failing. Worse still, if payment gateways ignore the problem, this could mean an exodus of clients almost overnight.
To give you an idea of the scale of the issue. The Financial Conduct Authority (FCA) expects approximately 1,821 businesses to be affected by the proposals contained within PSD2.
“It is expected that 1,552 payment service providers (these include banks, building societies PIs and EMIs), 200 businesses that operate under limited network exclusion, 10 businesses that operate under electronic communications network exclusions and 59 credit unions and deposit takers will be affected.”
Don’t panic! Yet
Those irate calls from your merchant clients will increase in numbers because PSD2 came into force in September, yes, the deadline has already passed. However, it’s not time to panic, well, not yet at least. The UK, and a few other countries, much like GDPR, have been granted a delay to enforcement.
The FCA has confirmed that enforcement will not come into effect until 14 March 2021 to enable everyone time to adapt to the new norm.
How can we help?
Should you or your clients (online retailers) require any assistance in getting ready for this very deadline, we’re here to help.
Inspire, are specialists in the eCommerce sector – LAMP (Linux, Apache, MySQL and PHP) software engineers with the will and the wisdom to update PHP based e-commerce platforms and to formulate solutions to ensure all are compliant with PSD2 in good time for that deadline. If you’d like to discuss your specific wishlist of adaptations do give us a call today and our Developer SOS team will jump into action for you.