We’ve put together some commonly asked questions to provide help with the new Strong Customer Authentication regulation and what it means for you as a Goodspeed customer.
What is PSD2?
The revised Payment Services Directive (PSD2) updates and enhances the EU rules put in place by the initial PSD adopted in 2007. The PSD2 sets out strict security requirements for electronic payments and the protection of consumers’ financial data.
What is SCA and what’s the purpose of it?
PSD2 states that payment service providers are required to ensure strong customer authentication (SCA) for the initiation and processing of electronic payments. Basically it means that banks need to verify your transactions through an identity check, which is set to reduce fraud and make online payments more secure.
When does SCA come into force?
Strong Customer Authentication was due to come into force on 14 September 2019. However, payment service providers are allowed to apply for an extension to the proposed deadline giving them more time to implement the tools and processes needed. The transition to SCA enforcement is thus expected to be gradual.
Who is responsible for SCA?
While we've been taking steps on our side to minimize the impact of SCA to your Goodspeed payment experience, it is your bank that determines when and how you will need to verify your payments.
How will my Goodspeed payments be at less risk of fraud?
This is how we do our part in making sure your payments are safe:
- When you use the Goodspeed service your bank might require additional payment authentication.
- We will send you an email asking you to authenticate the payment by signing in to your Goodspeed account and hitting Confirm.
- If required, you need to be ready to provide an extra step to confirm it’s really you. This could mean your bank using a number of verification methods such as a passcode via text message or using your banking app on your smartphone.
Are any transactions exempt of authentication?
There are specific types of low-risk payments that may be exempted from Strong Customer Authentication. One such exception is low value transactions below 30€. They usually DO NOT require SCA. However, SCA will be required after five exempt transactions or if the sum of previously exempted payments exceeds 100€.
What about monthly fees?
SCA applies to subscriptions, too. After September 14, 2019, you may need to authenticate the first payment of your subscription. Exemptions may apply for recurring charges in some cases, including those that began before September 14, though it is your bank that determines whether to require SCA or accept the exemption.
Do I need to do something to prepare for SCA?
To make the payment process as smooth as possible, we suggest reaching out to your bank and making sure your contact details are up to date to ensure delivery of verification messages from your bank. You can also contact your bank for more information on these changes, including the ways of confirming who you are.
Depending on your bank there might be an option to add trusted beneficiaries. When completing authentication for a payment, you may have the option to whitelist us to avoid having to authenticate future Goodspeed payments.
What happens if the authentication fails?
Your bank may let you try again but if you cannot authenticate, we suggest trying a different card. If the authentication issue prevails we are forced to block the Goodspeed service to prevent any misuse or fraud.
We advise you to ensure you have updated your contact details with your bank in case they try to contact you regarding your card payments.
Does SCA apply to my payments if I’m an invoiced customer?
Goodspeed invoicing customers are not affected by strong customer authentication since there are no electronic payments involved with invoices.
Does SCA apply to my payments if I’m outside of the European Economic Area?
Possibly yes. SCA applies to online card payments when the acquiring bank or payment processor is in the European Economic Area (EEA) and your payment instrument is issued in the EEA. The EEA includes all European Union member states as well as Iceland, Liechtenstein, and Norway.