The world today is a global village, a borderless economy, where whatever happens in Europe and America, as global economic leaders, affects and determines economic trends elsewhere in the world, including Africa and particularly Nigeria. This is why the above information is fundamental to the growth and sustainable planning of both organizational and personal economy and strategy. Thus, if you accept payments online as a store merchant, make payments online as a paying client or customer, or develop web apps that do, you may have noticed some new acronyms like “SCA”, “PSD2”, and “3DS2.0” floating around.
As the world of online payments continues to evolve, it becomes necessary to understand and comply with new regulations and the new technologies that support them. This article aims to clarify what is changing with how you accept payments online.
In Nigeria, for instance, Payment Service Providers such as Paystack and Voguepay are regulated primarily by the Central Bank of Nigeria (CBN). Players in the online payments space handle sensitive payment card data and are, as a result, required to be certified under the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS certificate is issued by the Payment Card Industry Security Standards Council (PCI SSC), a regulatory body created by all the major Card Associations to ensure that online payments facilitators have the required infrastructure for handling, transmitting, and processing sensitive information. To ensure that these strict regulations are met, Payment Service Providers like Paystack and Voguepay are subjected to frequent audits and reviews.
Moreover, the European Union (EU) has a set of regulations called the Payment Services Directive (PSD). These regulations govern how online payments are to be conducted. The PSD, first introduced in 2007, was recently revised to adopt modern security standards and take advantage of recent advances in mobile payment technology. This updated version of the directive, more commonly known as PSD2, aims to improve the EU economy by reducing fraud and increasing innovation in the financial technology industry.
PSD2 adds new rules for how online payments must be conducted, including the implementation of Strong Customer Authentication (SCA). This is essentially two-factor authentication for “high-risk” online payments. Integrating SCA into payment gateways allows banks and card issuers to present a security challenge to users if the transaction is determined to have a higher risk of fraud. Some transactions are exempt from SCA requirements, such as fixed-price automated recurring payments and transactions under €30, but most will require the user’s card issuer to determine whether or not a security challenge is required for the transaction. 3D Secure 2.0 (3DS2.0) is the new authentication protocol which makes SCA possible. 3DS2.0 allows more information, such as device information and payment history, to be provided to issuers when determining a transaction’s risk. This means fewer “false-positive” declined transactions by the bank and an overall smoother checkout experience for you and your customers.
Effective September 14, 2019, banks and card issuers in the EU will begin declining payments for most transactions through payment gateways which do not implement SCA.