Surely by now the acronym PSD2 sounds familiar. If not, you should know that they do not refer to the latest game console model, nor is it the name of a new Star Wars android. It is, on the contrary, a European directive that will affect all people who sell and buy on the Internet. Its aim is to increase the security of payments in the EU, including online payments and mobile payments, and to minimize the risk of fraud.
At the same time, it is an attempt to promote innovation and favor the adaptation of banking services to new technologies, without forgetting the current profile of consumers, who are increasingly electronic, who buy and pay by pressing a touch screen or with a simple mouse click.
But how do they intend to do all that? Well, this ambitious regulation entails fundamental changes in the industry, by giving third parties access to the banks’ infrastructure. That is to say: it regulates access to our bank details by other companies. In practice, this means that online purchases will be somewhat different when paying and it will be necessary to have a mobile phone to carry them out.
This regulation came into force in our country on September 14, 2019 and will be effective in “ecommerce” (such as Amazon or E-Bay) as of January 2021. All Spanish banks are working on their solutions, which will pass in all cases for using mobile banking applications as an authentication tool. If you want to know more details, one of the most digitized entities, ABANCA, has prepared a guide with all the details about PSD2, which we collect in these lines.
How will the PSD2 directive affect me?
Until now, there were very different ways to pay when buying on “ecommerce” portals, such as Amazon or E-Bay. In some they only asked for the card details; other times, the card details and CVV (the verification number located on the back); others, the data and a code that arrives by SMS to the mobile and, even, sometimes, it was possible that the form remembered all the bank details, for other purchases or because the device has them saved, so that you can make your purchases in a single click.
In such a diverse scenario, and with the appearance of new options every so often, the objective of the PSD2 directive is none other than to strengthen the security mechanisms in electronic businesses, to guarantee that whoever makes a purchase is the legitimate owner of the card. And how will they do it? Using strong client authentication or two-factor authentication. For this, using a “smartphone” will be essential.
Two-factor authentication – what is it and how does it work?
Before commenting on all the details about two-factor authentication, you should know that some banks force you to call, appear at the office or do some kind of management to activate it. The good news is that not everyone does. For example, if you have installed your bank’s mobile banking app, it is only necessary to activate the notifications to buy according to the regulations. The bank takes care of everything, you will not have to do any management and you can continue buying what you want.
And because? Because the mobile banking apps of the leading entities in this type of tool (ABANCA, for example) have been fulfilling what is necessary for a long time to identify you safely. Two-factor authentication is a security process that allows confirming the online identity of a user using at least two elements or factors of the three that are currently considered secure.
The technical terms are somewhat complex. In essence, the authentication factors are those recognized as valid to demonstrate that the buyer is you. They can be: something that only you know (your electronic banking codes or the PIN of your bank card), something that only you have (a coordinate card or a single-use code that you receive on your mobile) or something that you are you (like your fingerprint or facial recognition).
All European citizens, regardless of the country they are from and operate with the bank they operate, must use at least two of these three factors to be able to buy on the web. Hence, each bank is opting for a model in accordance with its technological evolution and technical capabilities.