PSD2 Compliance: Adapting to the EU's best eCommerce practices

Vinoth Kottaisamy| Thu Oct 03 2019 CET| Cleeng Nuts & Bolts

Source: Adyen

In the digital age, to remain compliant is to remain successful, and the SVoD industry is no exception. For online streaming services, the payment process is a sensitive part of the product.


Here we look at PSD2 compliance and how to adopt the best eCommerce practices in the European Union (EU).

PSD2 requires payment service providers to implement strong customer authentication (SCA), with the aim of making transactions more secure for cardholders. In practice, PSD2 mandates SCA for online card payments and online banking transactions, and subscription payments are no exception.

Before the bank authenticates a transaction, the end-user must provide two out of three independent authentication factors:

  • Something only the user knows (for example a password or PIN).
  • Something only the user possesses (for example the phone that receives a one-time code).
  • Something the user is (inherence: biometric or behavioural data).

For instance, before the bank authenticates and authorizes a payment, the end-user must supply a one-time authentication code received on their phone (something the end-user has), and a password that only the end-user knows (something the end-user knows).

Presently, this kind of authentication is already in place for iDEAL and other internet banking payment methods, which is why the process changes are largely focused on debit and credit cards.

This requirement applies to all banks operating within the EU, and therefore to any subscriber paying with a card issued by an EU-based bank.

What’s new? 

The PSD2 changes mainly affect issuing banks: every bank in Europe has to upgrade its authentication method from 3D Secure 1.0 to 3D Secure 2.0.

As a result, each time a transaction is triggered from our end and sent to the bank for verification, the issuing bank checks whether the transaction was authenticated with 3D Secure 2.0. If it was, the transaction completes; otherwise the bank refuses it.

Complying with PSD2 means you won't face continual refusals and declined payments from the bank.

The process summarised:

An end-user wants to buy a subscription. They come to our site, click on the offer they want, and enter their card details to pay. Once they click to pay, we hand over to Adyen, who redirects the user to a page controlled by the issuing bank to answer additional security questions. Once the questions are answered, Adyen redirects the user back to Cleeng to complete the rest of the payment process.

Read the complete documentation provided by Adyen

Our solution 

From our research, we've found a viable way of implementing 3D Secure 2.0 using the redirect flow.

During a 3D Secure transaction, the customer is redirected to the issuing bank's page to answer additional security questions (usually a unique password or an SMS verification code).
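To make the redirect flow described above (the process summary and the redirect solution) concrete, here is an added worked model of the exchange between the merchant, the payment service provider and the issuing bank. It is example code written for this page, not Cleeng's or Adyen's code: the class names, the field names (`redirectResult`, `pspReference`, `RedirectShopper`), the URLs and the HMAC-based return token are all assumptions of the model. What it shows is the security checks a merchant needs in a redirect flow: the browser return is bound to a pending checkout by a random `state` value, the state can be consumed only once, and the payment is finalised only through a server-to-server call to the PSP, never from what the browser brings back.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class Issuer:
    """Issuing bank plus its ACS: runs the SCA challenge, later authorises the payment."""

    def __init__(self):
        self.authenticated = set()

    def challenge(self, txn_id, otp_correct):
        # The OTP is the possession factor; the card data and password supplied
        # earlier stand in for the knowledge factor. Constructed model, not a real ACS.
        if otp_correct:
            self.authenticated.add(txn_id)
        return otp_correct

    def authorise(self, txn_id):
        # An issuer enforcing SCA refuses any transaction it never authenticated
        # (the "otherwise the bank refuses it" case described in the text).
        return "Authorised" if txn_id in self.authenticated else "Refused"


class PSP:
    """Payment service provider (Adyen's role). Field names are assumptions of this model."""

    def __init__(self, issuer):
        self.issuer = issuer
        self.key = secrets.token_bytes(32)   # key for the MAC on the return token
        self.txns = {}

    def payments(self, amount, return_url):
        txn_id = secrets.token_hex(8)
        self.txns[txn_id] = {"amount": amount, "return_url": return_url}
        return {"resultCode": "RedirectShopper", "pspReference": txn_id,
                "action": {"url": f"https://acs.issuer.example/challenge?txn={txn_id}"}}

    def _mac(self, txn_id):
        return hmac.new(self.key, txn_id.encode(), hashlib.sha256).hexdigest()

    def acs_complete(self, txn_id, otp_correct):
        """Shopper finishes the issuer challenge and is sent back to the merchant.

        Modelled on the PSP because the PSP mints the opaque redirectResult token."""
        self.issuer.challenge(txn_id, otp_correct)
        redirect_result = f"{txn_id}.{self._mac(txn_id)}"
        return_url = self.txns[txn_id]["return_url"]
        return f"{return_url}&{urlencode({'redirectResult': redirect_result})}"

    def payments_details(self, redirect_result):
        """Server-to-server finalisation: verify the token, then ask the issuer."""
        txn_id, _, mac = redirect_result.partition(".")
        if txn_id not in self.txns or not hmac.compare_digest(mac, self._mac(txn_id)):
            return {"resultCode": "Refused", "refusalReason": "invalid redirectResult"}
        return {"resultCode": self.issuer.authorise(txn_id), "pspReference": txn_id}


class Merchant:
    """Cleeng's role: the browser return is a hint, never the proof of payment."""

    def __init__(self, psp):
        self.psp = psp
        self.pending = {}   # state -> pending checkout
        self.orders = {}    # order_id -> status

    def start_checkout(self, order_id, amount):
        state = secrets.token_urlsafe(16)   # random; binds the return to this checkout
        return_url = f"https://www.cleeng.example/return?{urlencode({'state': state})}"
        resp = self.psp.payments(amount, return_url)
        self.pending[state] = {"order_id": order_id, "psp_ref": resp["pspReference"]}
        self.orders[order_id] = "pending"
        return resp["action"]["url"]    # where the shopper's browser is sent

    def handle_return(self, url):
        q = parse_qs(urlparse(url).query)
        pending = self.pending.pop(q.get("state", [""])[0], None)   # one-shot
        if pending is None:
            return "rejected"   # unknown or already-consumed state
        result = self.psp.payments_details(q.get("redirectResult", [""])[0])
        paid = (result["resultCode"] == "Authorised"
                and result.get("pspReference") == pending["psp_ref"])
        self.orders[pending["order_id"]] = "paid" if paid else "refused"
        return self.orders[pending["order_id"]]


def run_flow(otp_correct=True, tamper=False, forge_state=False, replay=False):
    """Drive one checkout end to end and return the merchant's final verdict."""
    merchant = Merchant(PSP(Issuer()))
    acs_url = merchant.start_checkout("order-1", 999)       # 9.99 EUR, in cents
    txn_id = parse_qs(urlparse(acs_url).query)["txn"][0]
    return_url = merchant.psp.acs_complete(txn_id, otp_correct)
    if tamper:        # attacker edits the last hex digit of the MAC
        return_url = return_url[:-1] + ("0" if return_url[-1] != "0" else "1")
    if forge_state:   # attacker submits a state the merchant never issued
        return_url = return_url.replace("state=", "state=x", 1)
    verdict = merchant.handle_return(return_url)
    return merchant.handle_return(return_url) if replay else verdict
```

Running `run_flow()` walks the happy path and ends with the order marked paid; `run_flow(otp_correct=False)` shows the issuer refusing a transaction that was never authenticated, `run_flow(tamper=True)` a forged token being refused by the PSP, and `run_flow(forge_state=True)` or `run_flow(replay=True)` the merchant rejecting a return it cannot tie to exactly one pending checkout. The design choice worth copying is that the merchant derives the order status from `payments_details`, matched against the `pspReference` it stored when the payment was created, so nothing the shopper's browser carries back can by itself flip an order to paid.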

The following diagram illustrates the redirect implementation flow in practice:

We’ll keep you updated with any developments on this topic. Contact us if you have any questions.