In this article
On the 14th of September 2019, a new set of European standards and procedures related to online payments, called Strong Consumer Authentication (SCA), is scheduled to come into force. This is the part of Payment Services Directive 2 (PSD2) which is a new European regulation aiming to standardize and improve the security of electronic payments, including online payments.
3D Secure 2 (3DS2) is a new standard for authenticating online payments, which commonly uses additional SMS and/or email authentication for payments, on top of other security measures. It is the most common technical solution for performing Strong Consumer Authentication.
3DS2 selects payments which need additional authentication, based on a variety of different factors, including, but not limited to: value of the transaction, its type, who initiated the transaction, number of payments made with no authentication previously and many more. In addition, different banks and other financial institutions differ on some technical aspects of 3DS2. What is more, national financial regulators in Europe have agreed to a variety of transition periods starting on 14th September 2019, during which they will not enforce 3DS2 fully.
This unpredictable landscape makes it very hard to create a single set of rules, describing whether any given payment made by a guest will be subject to 3DS2 authentication or not. However, it is certain that the guests will be required to undergo 3DS2 authentication much more often than before, which will increase the security of the payments that they make.
Despite the complicated regulatory and technical landscape, at Smily we have made preparations to support 3DS2 authentication within all the payment flows your guests may encounter. For payments which originate from the guest, guests will be instantly redirected to a 3DS2 authentication page.
For so called off-session payments, which are not initiated by the guest, they will receive an email prompting them to authenticate the payment with a link redirecting them to an authentication page.
Please note: the authentication page itself will be served by the bank or other financial institution which is processing the payment. These are not issued by Smily.
For a detailed description of the impact of the new regulations on the payments that you make please see: How will SCA and 3D Secure 2 impact my usage of Smily?