The Payment Services Directive 2 (PSD2) is a set of laws and regulations established by the European Banking Authority (EBA) that aim to improve consumer rights and security, while also promoting competition within the financial industry.

The directive not only enhances the safety of payments across the European Union, but also enables the development and use of innovative new technologies.

Strong customer authentication

To help combat financial and data fraud, the PSD2 requires strong customer authentication (SCA) for most online payments in Europe.

Merchants and payment service providers must verify customers' identity using two-factor authentication (2FA): that is, at least two out of the following three authentication methods:

Something a customer:

• Knows, e.g. password, PIN, knowledge-based question
• Has, e.g. phone, token, smartcard
• Is, e.g. fingerprint, voice/face recognition

If transactions aren't appropriately authenticated, banks may have to decline them.

Top of page