New Ecommerce Payment Regulations under EU Payment Services Directive

By Caitlyn Buchanan, 28.05.2019

On 14th September 2019, the European Union will implement new requirements for authenticating online payments under the Payments Services Directive (PSD2). These measures will bring significant implications for businesses involved in ecommerce; selling products or services online. Providers of merchant services will also need to ensure that their online payment gateways are compatible with the PSD2 regulations.

What is PSD2?

In November 2015 the Payments Services Directive (PSD2) was passed requiring all EU registered companies to comply with the directive no later than 14th September 2019. The PSD2 directive calls for stronger customer authentication in order to minimize the risk of fraudulent online transactions. These measures will change the way online payments are processed, ensuring online payment gateways more secure for over 300 million European consumers.

Who does PSD2 apply to?

Compliance with the Payment Services Directive means that anyone completing a payment in the EU over the value of €30 must provide 2 factor authentications. This applies to all online payment transactions in the EU regardless of whether the payee is within the EU at the time of purchase.

All online retailers will have to ensure they’re compliant with the Payment Services Directive and provided improved authentication for online transactions over €30. This means that any online retailers that are using the convenience of a ‘click and collect’ checkout or other forms of single click payment transactions will need to implement 2 factor authentications for all purchases of €30 or more to comply with the PSD2 legislation. Typically, 2 factor authentication requires the customer to supply a one-time code received via a text, email, or phone call to authenticate their payment.

The 2 factor authentication will make the customer payment experience more complex by adding another layer of security to online purchases. Companies should be aware of the customer experience implementing this requirement. If the process proves too cumbersome it could result in fewer purchases and decreased online sales.

Banks and Merchant Services

There are 6,000 banks operating throughout Europe and they will likely have their own interpretation of how to best implement the Payment Services Directive. This could result in inconsistencies if the bank uses a different 2 factor authentication method than the merchant. Various methods could include voice verification, facial recognition, PIN number, fingerprint or other.

Merchant Services providers such as Sage Pay, Stripe, Worldpay etc. may need to enhance their online payment gateways to request a second authentication.  These merchant services providers are encouraged to liaise with the banks in their region to identify a smooth transition.


Online spending is on the rise and this trend is expected to continue. Businesses with online stores selling products or services will need to ensure their current ecommerce systems are compliant and that their chosen merchant service provider has enhanced their payment gateway to be in sync with the major banks in the region. Investment may be needed to avoid any potential negative impact on the user experience as this could affect online sales levels. Striking the right balance between the customer experience and enhanced security could result in improved customer trust. For more information on ecommerce websites please contact Euro Company Formations. Our experts can assist you to ensure your website is compliant with the ecommerce regulations.

Contact US