Are you ready for PSD2?
In September 2019, the new Second Payments Services Directive (PSD2) requirements for authenticating certain online payments come into effect in Europe. PSD2 aims to regulate payment services and payment service providers in the European Economic Area (EEA), in order to make online payments more safe and secure. Banks and other financial institutions in the EEA will have to comply with these regulations, though the UK and other areas of the world will most likely adapt to these new rules as well.Accepting payments in the age of PSD2 means adding more authentication steps into payment systems, using at least 2 of these 3 elements:
- Knowledge: Something the user knows like a password or PIN
- Possession: Something the user possesses like a phone or hardware token
- Inherence: A unique feature of the user like a fingerprint or facial recognition
Using 2 out of these 3 independent elements means that any breach in one of the elements does not compromise the reliability of the others.
PSD2 is also connected with Strong Customer Authentication (SCA), which is a regulation that helps reduce fraud and make online payment more secure. SCA applies to “customer-initiated” online payments in Europe, meaning card payments and bank transfers will have these requirements. However, even in this new regulatory environment, certain low-risk payments may be able to gain exemptions.
Exceptions may include:
- Low-risk transactions and payments below a certain threshold
- Fixed amount subscriptions and recurring payments
- “Merchant-initiated” payments like recurring direct debits
- Trusted beneficiaries of the bank or service provider
- In-person card payments apart from contactless payments
- Phone sales or “Mail Order and Telephone Orders” (MOTO)
- Corporate payments on a corporate card
Read more about these potential exemptions here.
Inevitably, PSD2 will also overlap with 3D Secure 2.0 (3DS2), Two-Factor Authentication (TFA), One-Time Passwords (OTP), and Multi-Factor Authentication (MFA) (source). As many of these are already used in payment systems around the world today, the transition process may not be entirely that complicated. It is still worth taking a look at the opportunities and challenges your airline may face under these new regulations.
Implications for the Airline Industry
- Better fraud avoidance: Making secure payments instantly/online reduces the potential for fraud and foreign exchange mishaps.
- Reduced costs: PSD2 will help reduce airline costs for transaction fees, fraudulent transactions, and compliance.
- Greater security: For consumers, there will be enhanced protection against fraud and liability, as well as strong, secure customer authentication. Consumers will have more confidence using online services, which themselves will be more transparent.
- More competition and innovation: Due to these new European regulations, which will most likely be adopted internationally, there will be more competition in the industry and thus more innovation necessary. This is an opportunity for you to break the mold and do something truly unique! Plus, increased competition normally drives down costs.
- Complying to PSD2: For many airlines, agencies, and third parties, adapting to the new rules and regulations of PSD2 could be difficult, depending on what type of payment system you’re using.
- Adapting to payment preferences: Customer payment preferences are constantly changing, and in fact, they differ between regions and even countries. Your airline needs to accept these popular payment methods and AFOPs.
- Creating a frictionless experience: Stronger data security and authentication may mean more steps in the payment process and creating a seamless payment experience influences abandonment rates.
- More competition: This can be an opportunity or a challenge for your airline. Airlines, OTAs, TMCs, travel agents, and other travel industry players will all be vying for a piece of the pie. Thus, your agency partnership will be more important than ever.
Even before the emergence of PSD2, consumers had become more aware of their data security than ever before. Now, the European Union is finally making digital security and transparency a priority through PSD2. With the new rules and regulations that are coming, it is time for your airline to take a deeper took at your payment strategy and Payment Gateway platform. You must understand and assess these regulatory changes and be prepared to proactively alter your payment strategy internally and via agency partners and third parties.
So, is your airline ready for PSD2?