PSD2: Revised Payment Services Directive
EU regulation that mandates Strong Customer Authentication (SCA) for most online card payments and opens bank APIs for licensed third parties.
PSD2 (the revised Payment Services Directive) is EU regulation that has two big effects on commerce. First, it requires Strong Customer Authentication (SCA) — two of three factors (something you know, have, are) — for most online card payments above small thresholds. In practice this means 3D Secure 2 challenges during checkout. Second, it mandates open banking: licensed Account Information and Payment Initiation providers can call bank APIs on a customer's behalf.
For merchants the day-to-day reality is checkout friction. An SCA challenge mid-checkout adds steps and can leak conversion. The mitigations are exemption flags (low value, low risk, trusted beneficiary, recurring) that let merchants and gateways request the challenge be skipped where regulation permits. Getting these flags right is worth real money.
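One way to choose which exemption to request for a payment, as an added example that is not Devinsta's or any gateway's code. The EUR thresholds come from the SCA regulatory technical standards (Delegated Regulation (EU) 2018/389) rather than from this page; the `Payment` fields, the flag strings and the preference order are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

# Thresholds from the SCA RTS (Delegated Regulation (EU) 2018/389), not from this page.
LOW_VALUE_MAX_EUR = Decimal("30")
# Transaction risk analysis bands: (max acquirer fraud rate in %, max amount in EUR).
TRA_BANDS = [
    (Decimal("0.01"), Decimal("500")),
    (Decimal("0.06"), Decimal("250")),
    (Decimal("0.13"), Decimal("100")),
]

@dataclass
class Payment:  # hypothetical shape, not a real gateway object
    amount_eur: Decimal
    recurring_fixed_amount: bool = False  # later payment in a series whose first had SCA
    payee_trusted: bool = False           # cardholder added the merchant to a trusted list
    risk_score_low: bool = False          # result of the merchant/acquirer fraud screening

def tra_limit(fraud_rate_pct: Decimal) -> Optional[Decimal]:
    """Largest amount exemptible under risk analysis at this fraud rate, or None."""
    for max_rate, max_amount in TRA_BANDS:
        if fraud_rate_pct <= max_rate:
            return max_amount
    return None  # fraud rate too high: risk-based exemption unavailable

def choose_exemption(p: Payment, acquirer_fraud_rate_pct: Decimal) -> Optional[str]:
    """Return the exemption flag to request, or None to go through the SCA challenge."""
    if p.amount_eur <= 0:
        raise ValueError("amount must be positive")
    if p.recurring_fixed_amount:
        return "recurring"
    if p.payee_trusted:
        return "trusted_beneficiary"
    limit = tra_limit(acquirer_fraud_rate_pct)
    if p.risk_score_low and limit is not None and p.amount_eur <= limit:
        return "low_risk"
    # Tried last: the issuer also enforces cumulative counters (EUR 100 or five
    # payments since the last SCA) that the merchant cannot see.
    if p.amount_eur <= LOW_VALUE_MAX_EUR:
        return "low_value"
    return None
```

The issuer can still refuse a requested exemption, so the checkout must be able to fall back to a 3DS2 challenge.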
The UK followed PSD2's SCA requirements after Brexit under FCA rules; other jurisdictions have parallel regimes. Any merchant selling cross-border into the EU/UK needs to handle SCA properly or watch authorisation rates fall.
Devinsta configures gateway exemption logic, tunes 3DS2 risk scoring, and instruments authorisation drop-off as a first-class metric. SCA is non-negotiable, but the user experience around it is very much in the merchant's hands.
