PSD2 SCA compliance guide

Learn about the Revised Payment Services Directive for strong customer authentication.

The information we provide in this guide can help you prepare for PSD2 SCA compliance using 3D Secure. However, the information here should not be taken as legal advice. This guide supplements the following sources:

Regulatory guidance provided by official domestic authorities.
Card scheme regulations.
EMVCo specifications for the 3D Secure 2 protocol.

What is PSD2?

The Revised Payment Services Directive (PSD2) is the latest version of the Payment Services Directive, a European regulation requiring strong customer authentication (SCA) to make online payments in the European Economic Area (EEA) more secure.

PSD2 is for banks, not for merchants. This means that to comply with the law in their home country/region, issuing banks must refuse non-compliant transactions. To avoid the risk of issuing banks refusing your transactions, you as a merchant need to ensure that your transactions comply with PSD2 SCA regulations.

What do I need to do to comply with PSD2 SCA?

PSD2 requires you to perform strong customer authentication (SCA) on affected transactions. Our recommended way of applying SCA is implementing 3D Secure. Both 3D Secure 1 and 3D Secure 2 are eligible methods for applying SCA.

For more information, refer to Implement SCA compliance.

Are my payments affected?

Your payments fall within PSD2 SCA scope if both your acquiring processing entity and your customer's issuer processing entity are in the European Economic Area (EEA), Monaco or the UK.

If your business is located in Switzerland, your acquiring processing entity is in the EEA, as funds will be acquired by Adyen's European entity, located in the Netherlands.

To find out if your payments fall within SCA scope, answer the following question.

Is your business located in one of the above countries/regions?

Yes

My business is located in the EEA, Monaco, Switzerland, or the UK*.

No

My business is not located in the EEA, Monaco, Switzerland, or the UK*.

*The complete list of countries/regions is: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, and the UK.