PSD2 SCA compliance guide

Learn about the Revised Payment Services Directive for strong customer authentication.

The information we provide in this guide can help you prepare for PSD2 SCA compliance using 3D Secure. However, the information here should not be taken as legal advice. This guide supplements the following sources:

  • Regulatory guidance provided by official domestic authorities.
  • Card scheme regulations.
  • EMVCo specifications for the 3D Secure 2 protocol.

What is PSD2?

The Revised Payment Services Directive (PSD2) is the latest version of the Payment Services Directive, a European regulation requiring strong customer authentication (SCA) to make online payments in the European Economic Area (EEA) more secure.

PSD2 applies to banks, not to merchants. To comply with the law in their home country, issuing banks must refuse non-compliant transactions. To avoid the risk of issuing banks refusing your transactions, you as a merchant need to ensure that your transactions comply with PSD2 SCA regulations.

What do I need to do to comply with PSD2 SCA?

PSD2 requires you to perform strong customer authentication (SCA) on affected transactions. Our recommended way of applying SCA is implementing 3D Secure. Both 3D Secure 1 and 3D Secure 2 are eligible methods for applying SCA.

For more information, refer to Implement SCA compliance.

Are my payments affected?

Answer a few questions to find out if your transactions fall under PSD2 SCA compliance guidelines.

PSD2 countries are the countries of the European Economic Area (EEA), Monaco, and the UK.

The full list is: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.

Is your business located in one of the above countries?