On 14 September 2019, new requirements for authenticating online payments were introduced in Europe as part of the second Payment Services Directive (PSD2).
Under PSD2, Strong Customer Authentication (SCA) is a European requirement. Payment providers must use two separate authentication elements from the below to verify an online transaction:
- something the customer knows (e.g., password or PIN)
- something the customer has (e.g., phone or hardware token or OTP)
- something the customer is (e.g., fingerprint or face recognition).
Our checkouts, plugins and payment tools are fully PSD2-compliant, with 3DS being handled by the card issuers through SMS one-time passwords.
Card present payments
We have added SCA as a requirement to all Viva Wallet POS terminals. There is nothing to be done on the merchant’s side as all our POS devices have been upgraded automatically.
A contactless card payment can be made without the use of a PIN if the purchase is within the CVM limit of the country. There is also a maximum cumulative sum total of payments per country that can be made without a PIN.