How new European payment regulations will affect Intuiface customers
Provisions in the EU's Payment Services Directive 2 will affect the purchase process for many EU-based Intuiface customers. Here's what you can expect.
Since 2007, the European Union has enforced a set of requirements for regulating payment services and payment service providers. Known as the Payment Services Directive, or PSD, its goal is to ensure the protection of consumer data and the fair play of payment processors.
Starting on 14-September-2019, a revision to PSD will take effect. This second version - known as PSD2 - includes the addition of a provision named Strong Customer Authentication (SCA) and it will impact Intuiface customers. Read on for details.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication is well named as that is its goal - to greatly reduce the likelihood of fraudulent transactions.
What does SCA require? To accept any customer-initiated online payment, a product/service provider must build a special multi-factor authentication step into the checkout workflow. This authentication step must involve at least two of the following three ingredients:
- Something only the customer knows (e.g., password or PIN)
- Something only the customer has (e.g., mobile phone)
- Something unique to the customer (e.g., fingerprint, facial recognition)
Banks are instructed to decline payments that fail to include an SCA-compliant authentication step. The actual authentication method can vary but must be approved by a bank to be considered valid.
Intuiface, conducting business globally and thus servicing hundreds of European-based customers, will be amending its checkout process to be compliant.
How SCA will affect Intuiface customers
For our Europe-based customers:
Starting sometime during the week of September 2, an additional authentication step will affect both new Intuiface license purchases and license subscription renewals. This step requires the user to manually enter authentication information and submit this information to their bank.
For example, a PIN could be sent from the bank to the purchaser via email or text message and that PIN would be entered into a window displayed during checkout.
For new license purchases, multi-faction authentication is an additional step but should be easily accommodated as the buyer is already entering information manually. License renewals, however, become a bit more cumbersome as it will now be impossible for Intuiface to automatically renew a subscription. Instead, all renewals governed by SCA must be preceded by the cardholder performing the same multi-factor authentication step.
Intuiface is working on a bank-by-bank basis to arrange for renewal automation assuming the original purchase successfully navigated multi-factor authentication. Until that time, European-based customers should keep their eyes open for emails from Intuiface with a link to a page for manual authentication.
NOTE: EU-based banks have two years to enforce SCA. As a result, not all EU-based Intuiface customers will be required to complete a multi-factor authentication step when PSD2 takes effect on 14-September. Don't worry, we'll let you know if you're affected.
For our non-Europe-based customers:
You're unaffected - for now. Read on.
Why non-EU customers should keep their eyes open
PSD2 - and thus SCA - govern all online commerce conducted by EU-based buyers. This means Intuiface is only responsible for facilitating multi-factor authentication when the buyer is EU-based.
For now, that means if you don't live in Europe, you avoid the multi-factor authentication step during both new license purchase and subscription renewal. The fact that Intuiface itself is headquartered in Europe is irrelevant.
However, this may change. Take the General Data Protection Regulation (GDPR), for example, another EU-authored set of regulations. Here it made sense for any provider storing personal data to adopt these requirements as this would mean a single set of data security rules instead of two - one for Europe-based users and another for non-Europe-based users.
It's quite possible that either
- Non-Europe-based banks will adopt PSD2
- The EU will require Europe-based product/service providers to enforce PSD2 regardless of the customer location.
So keep your eyes open! Improved fraud protection is a plus so changes to the existing process may not be too far away.