Guides
Sign In
Start typing to search…

PSD2 and SCA compliance

Understand European payment regulations and how FastSpring handles compliance.

All e-commerce transactions in the European Economic Area (EEA) are subject to Strong Customer Authentication (SCA) regulations.

Transactions are only affected if a consumer’s issuing bank requires them to go through the SCA flow. If this is the case, they may be required to enter a 2-factor authentication (such as a code sent to their phone) to complete their purchase.

Note: FastSpring Sellers do not need to take any additional action to be compliant regarding PSD2 and SCA. We support these changes on your behalf to deliver a seamless experience.

The sections below explain the regulatory background, FastSpring's compliance solution, and the impact on decline rates. Select a card or use the TOC on the right to jump ahead.

PSD2 & SCA
Learn about the payment directive and authentication rules.
Compliance
How FastSpring manages compliance as the Merchant of Record.
Business Impact
Why compliance is critical for conversion rates.
Resources
External links and blog posts.

Understanding the regulations

The tabs below detail the definition of the directive and how FastSpring implements compliance.

The European Union’s second Payment Services Directive (PSD2) is an EU-wide initiative designed to provide increased security for online shopping through a process called Strong Customer Authentication (SCA).

How it affects shoppers

Now that PSD2 is in effect, shoppers using European Union credit cards may be asked to confirm their identity (via 2-factor authentication) before checking out with FastSpring.

Who is affected?

FastSpring ensures that only shoppers attempting an eligible transaction experience SCA, and only when required. For transactions that are not eligible for PSD2, the customer experience remains unchanged.

For more information, visit the European Commission website.

Why is this important?

Payment providers and banks are legally required to enforce PSD2. Under these requirements, SCA is mandatory for all payer-initiated transactions where both the card issuer and the acquirer are located within the EEA.

Risk of Non-Compliance: Online businesses that do not fulfill SCA requirements will likely see decline rates increase and conversion rates decrease as banks reject non-authenticated payments.

Additional resources

Updated about 2 hours ago