What's PSD2 authentication?
The European Directive on payment services in the internal market, or PSD2, was decided in the fall of 2019 but the French regulator offered 18 months to implement it.
The purpose of this regulation is to strengthen the level of payment security and to protect consumers by imposing strong authentication procedures for account access and payment transactions.
Strong authentication in the sense of PSD2 involves a verification at each account access and transaction level, using at least two of the following means:
a password or code that only the user knows.
A device (mobile phone, smart card, etc.) that only the user has.
A personal characteristic of the customer (fingerprint, voice or facial recognition,...)
Verifications used at Spendesk
We chose to implement the following verifications at Spendesk:
access to your secure account by password / Google Auth / Microsoft Auth / SAML SSO.
A 3-D Secure verification (a secure protocol) of each of your online payments (on websites using 3DS).
Important 🚨 : If you are using a recurring card, our banking partner has applied a threshold for security reasons. Above 500€, even if the merchant has requested an exemption of 3DS for recurring payments, they will be declined if the user doesn't confirm via 3DS.