Did you say PSD2? What exactly are we talking about?
PSD2 (DSP2 in French), or the "2nd version of the European Payment Services Directive", is a regulatory standard designed to tighten controls on bank card payments by requiring your customers to identify themselves using strong authentication. By "strong" authentication, we mean a verification method designed to ensure that the customer really is who they claim to be. This involves asking the customer for one of the following elements:
- something the customer knows, such as a password or PIN code;
- something the customer owns, such as a telephone;
- something that defines the customer, such as a fingerprint or facial recognition.
To make authentication "strong", the system therefore requires the customer to authenticate twice, i.e. to verify their identity using two of the three methods described above. As a consumer, you will already be familiar with this system in your daily life under the name 3D Secure.
What are the changes for you and your customers?
For you and your association
If you are currently a Colloquium customer, you don't need to take any particular steps. You can simply inform your bank advisor that the software used for your congress registrations or association memberships (Aventri) is now compliant with PSD2. Colloquium's bank (CIC or Crédit Mutuel, as the case may be) has indicated that it will comply as of April 1, 2021.
For your customers (participants or members)
All transactions will now use the 3D Secure (v2) protocol, which means that:
- If the amount is less than €30, the customer will be exempt from strong authentication if there have not been 5 card payments since the last strong authentication and if the sum of these 5 payments does not exceed €100.
- When the amount exceeds €30, the customer's bank decides whether or not the third-party site merits strong authentication. In our experience, some banks systematically require strong authentication for amounts over €200, and apply the 5-payment rule between €30 and €200. Some banks make exceptions for business cards. We encourage you to contact your bank for further details.
Thanks to v2, we can now offer the following authentication methods: payment validation via your customer's banking application, two-factor authentication, and secure handling of more data to promote frictionless authentication.
For all events / files managed with a CIC/Crédit Mutuel & Monetico payment account
| | BEFORE | AFTER |
|---|---|---|
| Anti-fraud filter | YES | NO |
| Trigger strong authentication | > €2000 | > €30* |
| 3D Secure | YES | YES |
| SMS payment validation | YES | YES |
| Secret code payment validation | YES | YES |
| Payment validation by mobile application | NO | YES |
| Biometric payment validation | NO | YES |
| Two-factor authentication | NO | YES |
| Cost per transaction | UNCHANGED | UNCHANGED |

*rules depending on the customer's bank