Does JustOn comply with PSD2?
Under the Second Directive on Payment Services (PSD 2), payment service providers are required to apply strong customer authentication (SCA) with electronic payments and credit card payments made online throughout the European Union.
What is SCA?
Strong customer authentication constitutes a form of two-factor authentication. It must involve two independent elements, which are derived from two of the following three categories:
- knowledge, like a password
- possession, like a mobile phone
- inherence, like a finger print
The (legacy) JustOn Self-Service Extension has included a payment page. It has provided invoice recipients the option to pay their invoices. To this end, the JustOn Self-Service Extension has integrated with payment service providers.
Whether your solution is PSD2/SCA-compliant depends on the payment service you integrate. Consider the following aspects:
- In Germany, the SCA requirements for online credit card payments have been temporarily suspended. For details, see PSD 2: BaFin allows for simplifications in customer authentication.
-
The Stripe integration shipped with the (legacy) JustOn Self-Service Extension as of version 1.45 has been SCA-ready.
Note
If you have used the automatic payment collection with Stripe in earlier versions, the saved payment instruments may no longer work. Make sure to have them recreated with a more recent version of the JustOn Self-Service Extension to guarantee PSD2/SCA compliant tokens.
-
The (legacy) integrations with PayPal and CyberSource used hosted payment pages. That is, the service providers ensured the SCA compliance.
Related information:
Payment services (PSD 2) - Directive (EU) 2015/2366
Frequently Asked Questions: PSD2
PSD 2: BaFin allows for simplifications in customer authentication