After GDPR, Europe is now ready for its next big regulatory change – the revised Payment Services Directive (PSD2) – which will take effect from 31st December 2020 onwards. What will be the impact of PSD2 on subscription businesses?
Europe is at the forefront of data protection across the globe. While companies are still getting used to the General Data Protection Regulation (GDPR), another new regulation is now ready to make its presence felt in the region. Known as the revised Payment Services Directive or PSD2, the law will now come into force on 31st December 2020 after the earlier 14th September 2019 deadline was postponed by several nations due to difficulties in meeting the requirements on time.
According to reports, the complexity of the process led to the delay to ensure that the rules are applied uniformly across Europe. Many retailers, in particular, were not ready to comply with the original deadline and they will now get a full year to migrate smoothly towards the new form of authentication.
One of the key aims of PSD2 is to reduce fraud and increase security by introducing two-factor authentication (2FA) for payments. The law mandates companies to support ‘Strong Customer Authentication’ (SCA), which means that banks can reject payments that do not verify the identity of the purchaser. Along with passwords and/or PINs, financial institutions will be required to support a second factor such as a text message, security token or biometric identification.
The regulation will put pressure on e-commerce and other subscription businesses to come up with innovative ways to achieve 2FA compliance with minimum disruption to the customer experience.
Subscription Business and PSD2
PSD2 will apply to any business accepting online payments from its customers. Naturally, this means it will apply to subscription businesses too. PSD2 will mean verifying a subscriber’s identity when they subscribe to a product or service online. As per the Financial Conduct Authority in the UK, PSD2 will apply to the initial purchase when subscribers set up a Continuous Payment Authority (CPA) – the authorisation for businesses to charge a customer’s credit card on a recurring basis. While the approach taken by other EU regulators is not yet clear, it is likely that they may follow a similar path and businesses will be required to authenticate customers only during the initial purchase.
Subscription businesses that take card payments will have to make their new subscribers go through additional authentication after PSD2 comes into effect. It will also apply to subscription businesses that offer ad-hoc/one-time purchases.
The Impact of PSD2 on Subscription Businesses
While PSD2 may introduce a little friction into the payments process, which may potentially impact conversions, the larger objective of fraud reduction will be a net positive for the subscription industry in the long run. Subscription businesses now need to think about bundling their services and designing the customer subscription journey in such a fashion that they can reduce the number of independent purchases and stay PSD2 compliant. For example, they can move to an account-based model where customers set up one recurring billing agreement and can then add multiple products and services to that account.
The European Commission says it wants to develop the larger e-commerce industry by building consumer trust while reducing fraud affecting online payments, which are subject to higher risks. This requires businesses to adapt their IT systems and business models to ensure that they are more secure. PSD2 will certainly go a long way in enhancing customer trust in subscription businesses, and that is never a bad thing!
Blog updated on 29th October 2019 to reflect the latest changes to the PSD2 authentication deadline.