PSD2 compliance

On 14th September 2019, new requirements for authenticating online payments were introduced in Europe as part of the second Payment Services Directive (PSD2).

Under PSD2, Strong Customer Authentication (SCA) is a European requirement. Payment providers must use two separate authentication elements from the below to verify an online transaction:

• something the customer knows (e.g., password or PIN)
• something the customer has (e.g., phone or hardware token or OTP)
• something the customer is (e.g., fingerprint or face recognition).

Our online checkouts, e-commerce plugins and payment tools are fully PSD2-compliant with 3DS being handled by our third-party partner, Modirum, and the card issuers.

We have added SCA as a requirement to all Viva Wallet POS terminals. A customer PIN is requested every time transactions add up to a total of £150, or five transactions have been made, whichever comes first. There is nothing to be done on the merchant’s side as all our POS devices have been upgraded automatically.