Thousands of years have passed since human beings made the first exchange of goods using a coin; the first donation ever made followed years later.
Since then, the payment market has evolved immensely. Humans invented paper money, then credit cards. Today, we have moved payments online through e-commerce, and new methods of payment have risen, some of them even involving our mobile devices.
The next big step in this journey will be the PSD2 (Payment Services Directive), the Directive of the European Union on Payment Services that will shape the digital payment sector in the coming years, and in some cases, has already done so.
The PSD2 will bring some innovations like Open Banking, make our transactions more secure with the SCA (Strong Customer Authentication), and will open new opportunities to provide new and better services to your online donors. However, this also means there will be some inevitable changes in the way your charity operates its online fundraising.
In this article you’ll find out what the PSD2 is about, what it means for your charity, and what your nonprofit can or needs to do when collecting donations digitally.
The PSD2 is a directive from the European Union, which is intended to regulate digital payments across the EU, following the PSD1 of 2007.
The key points of this directive are:
– Rules of Open Banking
– Third Party Payment Providers
– and SCA (Strong Customer Authentication)
Open Banking is the possibility for third party services to have access to an individual's bank details. For example, you could subscribe to an online service that (under your authorization) could access information from your bank or financial accounts and provide details of your various investments or expenses in one place.
This will also allow the creation of new third-party payment providers: services that let you start an online payment with a payment service provider that is not the bank where you hold your account (you may have seen services like these that are part of the FinTech environment).
In order to render digital transactions more secure, the Strong Customer Authentication rule requires that, for online payments, the person who pays must identify himself through at least 2 of these elements:
– something you know: for example, a PIN or a password
– something you own: for example, your phone, or a hardware token
– something you are: for example, your fingerprint, or your face ID
This means that, when you pay online, after you have entered the CSC, the security code of your credit card (“something you know”), you may be asked to validate the transaction by entering a code generated by the app on your phone (“something you own”) or by scanning your fingerprint in your bank app (“something you are”).
This applies to all online payments, including, for example, those made by your charity's supporters through fundraising solutions.
Depending on the payment method, the SCA may require some additional actions from the payer, which could lead to the loss of the payment.
The directive also includes some exceptions in which the SCA is not required.
The main ones are:
Those are the main exceptions for Strong Customer Authentication. For a complete overview and more details, read this “Stripe Guide to SCA”.
Please consider that banks may, in any case, decide to be even more strict, and not to apply those exceptions. As an example, you may be required to authenticate yourself even for a transaction of 10 euros.
As of January 1st 2021, SCA has not yet been fully applied. Most European countries have decided to take a step-by-step approach, which will differ from country to country. As an example, in France, SCA will be mandatory as follows:
For a more complete overview of the different approaches by country, take a look at this article.
This SCA thing seems to be annoying, doesn’t it? Wasn’t it just easier to pay without authentications?
You are right! But think about it this way: when you go to a hotel, it would be nice to show no ID or reservation number. You would just walk through the door, say your name and that’s it. So much time would be saved during the check-in, and there would be much less stress (“where is my ID? It was in my wallet just a second ago…”).
However, that would allow anyone to easily pretend to be the one who made the reservation. This would be a great risk for hotels, as well as the customer who paid for the booking.
So, think about SCA as a way to let your donors feel (and be) safer when they give to your nonprofit organisation. Giving is also a matter of trust, and those rules are intended to strengthen your donors’ trust in your charity.
Someone once said, “it is difficult to make predictions, particularly about the future”. But based on what we know, we can make some guesses.
We are managing the regulatory technical standards & improvements, and our tools embed all requirements needed in order to be PSD2 compliant. Your online donors are safe, and you can rest assured. 😉
Being a SaaS company, we can easily deploy our solution without complex & technical activities on your side.
We operate all across Europe, and we have a dedicated team for integrating payment gateways. We monitor news and changes in the payment market, to continually provide up-to-date solutions with the most advanced and secure types of payment.
Moreover, we work with FinTechs to provide you with all the innovation allowed by the PSD2.
Our team is always available to answer any questions or doubts your charity or not-for-profit may have regarding the new Payment Services Directive.
And if you would like to learn more about how to improve the conversion rate of your donation forms thanks to some easy improvements to your payment step, download our free whitebook!