PSD2: What does the payment services directive mean for your nonprofit organisation?
Thousands of years have passed since human beings made the first exchange of goods using a coin; the first donation ever made followed years later.
Since then, the payment market has evolved immensely. Humans invented paper money, then credit cards. Today, we have moved payments online through e-commerce, and new methods of payment have risen, some of them even involving our mobile devices.
The next big step in this journey will be the PSD2 (Payment Services Directive), the Directive of the European Union on Payment Services that will shape the digital payment sector in the coming years, and in some cases, has already done so.
The PSD2 will bring some innovations like Open Banking, make our transactions more secure with the SCA (Strong Customer Authentication), and will open new opportunities to provide new and better services to your online donors. However, this also means there will be some inevitable changes in the way your charity operates its online fundraising.
In this article you’ll find out what the PSD2 is about, what it means for your charity, and what your nonprofit can or needs to do when collecting donations digitally.
What is the Payment Services Directive 2 (PSD2)?
The PSD2 is a directive from the European Union, which is intended to regulate digital payments across the EU, following the PSD1 of 2007.
The key points of this directive are:
- Rules of Open Banking
- Third Party Payment Providers
- SCA (Strong Customer Authentication)
Open Banking is the possibility for third party services to have access to an individual's bank details. For example, you could subscribe to an online service that (under your authorization) could access information from your bank or financial accounts and provide details of your various investments or expenses in one place.
This will also allow the creation of new Third Party Payment providers: services that will allow you to start a payment online with a payment service provider, which is not the bank in which you have your account (you may have seen services like these that are part of the FinTech environment).
What is SCA (Strong Customer Authentication)?
To make digital transactions more secure, the Strong Customer Authentication rule requires that, for online payments, the person who pays must identify themselves through at least 2 of these elements:
- something you know: for example, a PIN or a password
- something you own: for example, your phone, or a hardware token
- something you are: for example, your fingerprint, or your face ID
This means that, when you pay online, after you have entered the CSC, the security code of your credit card (“something you know”), you may be asked to validate the transaction by entering a code generated by the app on your phone (“something you own”) or by scanning your fingerprint in your bank app (“something you are”).
This applies to all online payments, including those made through fundraising solutions, for example by your charity's supporters.
Exceptions to SCA
Depending on the payment method, SCA may require some additional actions from the payer, which could lead to the loss of the payment.
The directive also includes some exceptions in which the SCA is not required.
The main ones are:
- Payments below 30 euros (5 in a row, with a maximum sum of 100 euros).
- Subscriptions, like regular online donations (if the payment is activated by the merchant, it could also be of a variable amount).
- Trusted beneficiaries (whitelisting): after you have made an online payment, your bank may ask if you do not wish for the SCA to be requested for future payments made to that same merchant.
- “Low risk transaction exemptions”: if the percentage of fraud that the payment service provider witnesses is below a strict threshold, the payment service provider may ask not to apply the SCA.
Those are the main exceptions for Strong Customer Authentication. For a complete overview and more details, read this “Stripe Guide to SCA”.
Please consider that banks may, in any case, decide to be even more strict, and not to apply those exceptions. As an example, you may be required to authenticate yourself even for a transaction of 10 euros.
The steps we have to take
As of January 1st 2021, SCA has not yet been fully applied. Most European countries have decided to take a step-by-step approach, which will be different from country to country. As an example, in France, SCA will be mandatory as follows:
- In January, for payments above 1,000 euros
- In February, for payments above 500 euros
- In April, for payments below 500 euros
For a more complete overview of the different approaches by country, take a look at this article.
This SCA thing seems to be annoying, doesn’t it? Wasn’t it just easier to pay without authentications?
You are right! But think about it this way: when you go to a hotel, it would be nice to show no ID or reservation number. You would just walk through the door, say your name and that’s it. So much time would be saved during the check-in, and there would be much less stress (“where is my ID? It was in my wallet just a second ago…”).
However, that would allow anyone to easily pretend to be the one who made the reservation. This would be a great risk for hotels, as well as the customer who paid for the booking.
So, think about SCA as a way to let your donors feel (and be) safer when they give to your nonprofit organisation. Giving is also a matter of trust, and those rules are intended to strengthen your donors’ trust in your charity.
Someone once said, “it is difficult to make predictions, particularly about the future”. But based on what we know, we can make some guesses.
- After a few months of difficulties (you may expect a few more failed transactions; find out here how to avoid this), people will get accustomed to SCA and will understand the value of being safer. Digital transactions will continue their rise in replacing cash and other traditional payment options like checks.
- Credit and debit cards, after their apogee, will go into decline: they are more expensive than new payment methods, which also happen to be easier to use and compliant with SCA (think of wallet payments on your mobile phone like Apple Pay).
- Due to Open Banking and the rise of the FinTech movement, new Payment Service Providers will be created. They will be easy to use with integrated services, many of them based on mobile devices. If your donation form accepts credit cards only, it’s time to consider adding other advanced payment methods, especially mobile payments, or you may lose some opportunities.
- Integrations of different payment gateways will be a key point in the growth of online donations.
- Payment methods will be a way to qualify and customise your service to donors. In fact, your organisation would have to send your supporters the right request, at the right moment, for the right action, allowing them to pay with the right method of payment.
- The way the donor pays will become another detail to customise.
What iRaiser can do for you
We are managing the regulatory technical standards & improvements, and our tools embed all requirements needed in order to be PSD2 compliant. Your online donors are safe, and you can rest assured. 😉
Being a SaaS company, we can easily deploy our solution without complex & technical activities on your side.
We operate all across Europe, and we have a dedicated team for integrating payment gateways. We monitor news and changes in the payment market, to continually provide up-to-date solutions with the most advanced and secure types of payment.
Moreover, we work with FinTechs to provide you with all the innovation allowed by the PSD2.
Our team is always available to answer any questions or doubts your charity or not-for-profit may have regarding the new Payment Services Directive.
And if you would like to learn more about how to improve the conversion rate of your donation forms thanks to some easy improvements to your payment step, download our free whitebook!