Attention! There are currently mails in circulation, supposedly from Google, which state our mail domain as the sender. Please do not open the links in these mails under any circumstances! Please use the possibility to report these mails as phishing in your Gmail account. Thank you for your cooperation!

Attention! There are currently mails in circulation, supposedly from Google, which state our mail domain as the sender. Please do not open the links in these mails under any circumstances! Please use the possibility to report these mails as phishing in your Gmail account. Thank you for your cooperation!

Attention - phishing emails from Google with our sender in circulation - find out more

This site uses cookies to improve user-friendliness. You can find more information in our Privacy statement

European Payment Services Directive

PSD II

learn more
new obligations for online banking and payment on the Internet

PSD2 - the new Payment Services Directive

With the revised Payment Services Directive (PSD2), which has come into force since 13 January 2018, the European Union has fundamentally changed the payment landscape and PSD2 determines how payments within the European Economic Area will be processed in the future. Above all, banks and financial institutions face major challenges in the implementation of the requirements, especially as they – among others – are obliged to provide third-party payment service providers with access to their banking systems. But even online merchants must comply with the new requirements.

Aimed to better protect online buyers, the PSD2 demands more security in online purchases and introduces strong customer authentication (SCA) - also known as two-factor authentication.

bundesdruckerei

German Federal Printing Office

PSD2 webinar of German Federal Printing Office

new regulations in payment transactions (webinar)
bundesbank

German Central Bank

PSD2 information of the German Central Bank

additional Information
strong customer authentication for online transactions

strong customer authentication with Micropayment

As of 14/09/2019 , an online transaction, must be verified requesting two of the following three characteristics: possession (e.g. map, mobile), knowledge (eg. PIN) or personal or physical characteristics ("inherent", e.g. fingerprint, face recognition). Concretely, a physical item such as a smartphone can be combined with a one-time password or fingerprint before the online payment can be made.

The use of strong customer authentication for all online transactions will be mandatory (with a few exceptions) as of 14/09/2019 , as new regulatory technical standards of the European Banking Authority will enter into force at that time .

micropayment is PSD2 Ready
What is strong customer authentication?

The authentication of a transaction must contain two or more of the following criteria:

In future, nothing other than a fingerprint that is queried via the customer's mobile device will be required to authenticate and release transactions. Instead of relying on the traditional password ("something you know"), your customers can now combine "something you own" (e.g. a smartwatch) with "something you are personal" (e.g. a fingerprint).

  • pin

    something you know

    • password
    • passphrase
    • PIN
    • number sequence
    • secret question
  • fingerprint

    something you are

    • fingerprint
    • lineaments
    • voice recognition
    • iris recognition
    • DNA signature
  • smartwatch

    something you own

    • mobile phone
    • wearable devices (e.g. smartwatch)
    • smart card
    • token
    • badge

Strong customer authentication is always required if

  • someone accesses their payment account online
  • someone triggeres a payment process electronically or
  • someone remotely takes action that carries the risk of fraud in payment or other misuse.

In addition, the following criteria must be met:

  • if an element was not entered correctly, there must be no indication of which element was wrong.
  • multiple incorrect entries lead to blocking
  • Timeout after successful login at inactivity = 5 minutes

Who needs to employ strong customer authentication?

Pursuant to Art. 97 PSD2, PSPs must implement strong customer authentication requirements.
From the PSD2 follows that the requirements for strong customer authentication apply "only" to the payment service providers defined in the PSD2. As a merchant and website operator, you are therefore not required to comply directly with the directive.

strong customer authentication in e-commerce with credit card (fingerprint)

example:strong customer authentication in e-commerce with credit card (fingerprint)

What are the exceptions?

Appropriate exceptions may be requested for certain transactions. Such exemptions are designed to ensure that customers can enjoy a simple shopping experience with added security. Among other things, there are the following exceptions to the obligation to perform strong customer authentication:

Small payments less than EUR 30.00 (gross) still do not require strong customer authentication. However, this will only apply up to a total amount of EUR 150.00 or five consecutive payments, with the period for these successive payments not being determined. The payer's bank keeps track of the amount and the periods of payments made.
For subscriptions or recurring transactions with a fixed amount, only the first transaction that triggers the subscription must be released with strong customer authentication, and subsequent transactions can be executed without strong customer authentication. If the amount changes, a new strong customer authentication for each new amount is requirred.
We see a challenge in recurring transactions with changing amounts. However, regulators have confirmed that "merchant-initiated transactions" are outside the scope of strong customer authentication requirements under PSD2, so most subscription payments are not affected by strong customer authentication.
Phone payment transactions are in all cases not affected by strong customer authentication. MOTO transactions (mobile order/telephone order) are not considered "electronic" payments and are therefore outside the scope of PSD2.
Payments between two companies can still be implemented without strong customer authentication when using a payment method that is intended for such B2B payments. The methods of payment are determined by interpretation by banks and regulators. The most common payment methods such as debit and credit card will be among them.
Payments where the issuer of the payment card is not located in the European Union are also excluded from strong customer authentication. This means that the acceptance of payments from non-European buyers within Europe will not continue to be a problem.
perfectly equipped

Micropayment solutions combine comfort and security

The introduction of the new procedures require highly acceptance from consumers and merchants. To ensure that the payment process in your online shop is not overly influenced by the new authentication methods, Micropayment is currently working together with the cooperation partners on solutions to enable convenient payment processes that meet the requirements of the PSD2 guideline.

The ultimate goal is to make all transactions as secure as possible and to implement all legal requirements in a timely manner. Micropayment payment window transactions will meet strong customer authentication requirements as of September 14, 2019 . The factor of inherence plays an important role, as it transmits behavior-based information to a transaction.

While the new requirements will undoubtedly bring challenges for businesses and banks, Micropayment solutions will mitigate the impact on your online store.


If you use the Micropayment payment windows , you are well prepared for the PSD2 and strong customer authentication requirements. While the new requirements will undoubtedly bring challenges for businesses and banks, Micropayment solutions will mitigate the impact on your online store.

If you use our API interfaces, please contact us separately. From the PSD2 follows that the requirements for strong customer authentication apply "only" to the payment service providers defined in the PSD2. As a merchant and website operator, you are therefore not required to comply directly with the directive. By using our API interfaces, however, there are indirect obligations to support payment service providers in implementing strong customer authentication. By using our API, it is always possible to carry out your own implementation of strong customer authentication right now, if you wish.
psd2 compliant payment window
Hello, how can we help you?
individual advice

Your competent contact persons

We can support you in the following points with a strategic partnership:

  • market-oriented realization of new products & projects
  • building strategic cooperation communities
  • planning, coordination and optimization of payment transactions
  • analysis and forecast of the current target market
  • figuration of your products in international markets

We would like to help you.

Best possible advice is our mission. We support you in the realization and marketing of your productse. Please call:

(00800) 3000 22 55

free of charge from German landline

Integration made easy.

Do you have questions about our payment methods or about the use of our systems? Please contact us by e-mail. We will reply as soon as possible.