Payment Services Directive or PSD2, have you notified your customers of changes?

In the wake of frequent data breaches, one-time password (OTP) verification has rapidly replaced knowledge-based questions as the stepped-up authentication standard for the card industry.

Changes have come into affect this September as part of the second Payment Services Directive or PSD2 which requires all banks to introduce stronger customer authentication for online purchases.

• Some Visa online transactions will soon require text message confirmation 
• Will replace current 'Verified by Visa' password system

The move could cause confusion for some customers that may not initially trust a text message when making online payments, especially if they are unaware of this new level of security. Customers of all banks that issue Visa debit and credit cards will be affected by the change.

What is 2-factor authentication?

Two-factor authentication is a second layer of security which is used to protect an account, system - and in this case, transactions online. It increases the safety of online accounts by requiring two types of information from the user, such as a password or PIN, an e-mail account, credit and debit card or fingerprint, before the user can log-in or transact.

What Operators should be aware of

Most banks and many online stores have written to their customers to inform them of the changes.  For operators we encourage you to inform your customers about the changes. Remind them that they should have the correct email address, as well as current mobile number registered with their bank to ensure the continuation of smooth online payments.  It is likely that without the correct contact details many banks will not be able to confirm a transaction is genuine causing online payment processing issues.

Helpful marketing statements which you can use with your customers

1. Soon you may be asked to authentic your card payments at the check-out by entering a One-Time-Passcode (OTP) which will be sent by SMS, phone or email.
2. OTP’s are an extra level of security when making transactions online.  Your card provider will send a randomly generated code to you via SMS, phone or email. You simply key in the OTP when prompted at the checkout.
3. If you have used a OTP before you'll know it's really quick and easy, but its essential that your payment card provider has your current mobile number or email address.
4. Please make sure everything is up-to-date and enjoy peace of mind that your card payments are being made secure than ever before.
5. To complete online transactions without any hiccups, you will need to ensure your contact details are up to date with any card providers you use. If your information is not up to date, they won’t be able to deliver your OTP and this will prevent you from completing your online purchase.

Our industry deals with a variety of customers from all age groups therefore Visa and Mastercard will be working with their customers to provide mechanisms to support the changes. 

Visa have said that... although all Visa card-issuing banks will support this increased level of security, alternatives are available should customers feel uncomfortable or unable to use a OTP. Customers should contact their card-issuing bank to discuss their options. Visa goes onto say that alternatives include use of partial password entry, knowledge based questions or physical tokens. It adds that the change will roll out across the industry by the time PSD2 (Revised Payment Service Directive) lands in September 2019, regardless of your card scheme.

Check out GladstonePay to simplify your customers online payment experience, with stored credit card tokens.  Ask your Gladstone Account Manager about beating your current payment gateway fees - we believe we could save operators up to 50%.

Further Reading

• Read more from Which - replacing passwords with text messages. 
• Banks will soon require text message confirmation for online Visa card purchases in shake-up that will hit ALL online shoppers - thisismoney.co.uk