By Diana Hoffman, director, product marketing
The second Payment Services Directive (PSD2) was enacted September 14, 2019. We’re taking a close look at the new requirements and offering suggestions to travel managers and business travelers to help with adoption of Strong Customer Authentication (SCA), a compliance standard for PSD2.
The goal of PSD2 is to standardize and improve e-commerce payment security in the European Economic Area (EEA). In a nutshell, the European Parliament is seeking to increase the safety of consumers who are paying online for goods and services. Although the primary focus of PSD2 is on financial institutions, there are also impacts for merchants and, most importantly, customers.
5 things to know about PSD2
What is Egencia doing to support PSD2?
Egencia fully supports efforts to ensure increased safety for online purchases and we began preparing for PSD2 18 months ago. We’ve worked closely with financial regulators, card schemes (payment networks linked to credit and debit cards), and the various players in the payments ecosystem to ensure we have plans in place to support the unique complexities of booking corporate travel online.
What can my travelers expect?
If you’re a business traveler in one of the impacted states who is booking on the Egencia platform and you use a personal credit card issued by a European financial institution you may be asked by your bank to validate your transaction using two-factor authentication at checkout. Part of SCA, two-factor authentication adds a second layer of security to protect online transactions by requiring two types of unique information from a purchaser to validate their purchase. Two-factor authentication is a requirement of PSD2 that banks must enforce. We’ve acknowledged this requirement by supporting banks’ workflows for this authentication in our checkout processes.
How can I ensure my travelers are ready for SCA?
The good news is that most consumers are aware of SCA, even if they don’t know it by that name. It’s not unusual for individuals to be asked for two-factor authentication when accessing their banking records online, for example. There are generally three recognized types of authentication factors:
- Something you know: This includes passwords, PINs, or unique code words.
- Something you have: Physical objects such as smart cards or token devices that produce a time-based PIN.
- Something you are: This includes fingerprints, facial recognition, retina scans, iris scans, and voice verification.
You can support your business travelers by making them aware their bank may challenge their online transactions by using two-factor authentication. The two-factor authentication challenge will be visible when they see a pop-up screen when completing check out, for example.
Is whitelisting possible with Egencia?
Whitelisting is a process that allows a card holder to identify businesses they trust. It’s one way card holders can work with their financial institution to exempt transactions that may be subject to two-factor authentication. It’s important to understand that whitelisting is controlled by your financial institution and not Egencia. We encourage you to discuss this exemption option with your bank to determine if it’s the right choice for your travelers.
I’ve heard PSD2 is being delayed. Do I still need to be ready?
SCA is a requirement that falls on the banking entities to enforce. Each EEA member has the discretion to — and some have chosen to — delay enforcement of the SCA requirements. This means the ultimate decision of whether or not to require SCA falls on issuing banks within the EEA. We’ve worked closely with financial regulators, card schemes, and the various players in the online payments ecosystem to ensure our customers’ needs have been addressed and our solutions are SCA-compliant.
Providing the best customer experience from trip planning to safe return is important to us. As this new directive enters the market, our goal has been to ensure we support PSD2 while also providing a smooth checkout process for our customers.
More information on PSD2 is available on the European Commission’s website.