PSD2 compliance
On 14 September 2019, new requirements for authenticating online payments were introduced in Europe as part of the second Payment Services Directive (PSD2).
Under PSD2, Strong Customer Authentication (SCA) is a European requirement. Payment providers must use two separate authentication elements from the below to verify an online transaction:
- something the customer knows (e.g., password or PIN)
- something the customer has (e.g., phone or hardware token or OTP)
- something the customer is (e.g., fingerprint or face recognition).
E-commerce payments
Our Smart Checkout, plugins and payment tools are fully PSD2-compliant, with 3DS being handled by the card issuers through SMS one-time passwords.
Card present payments
We have added SCA as a requirement to all Viva Wallet POS terminals. There is nothing to be done on the merchant’s side as all our POS devices have been upgraded automatically.
A contactless card payment can be made without the use of a PIN if the purchase is within the CVM limit of the country. There is also a maximum cumulative sum total of payments per country that can be made without a PIN.