Preparing for the second Payment Services Directive: an interview with our Senior Risk Manager
This month, Gianmichele Zappia, Senior Risk Manager, spoke with the EHI Retail Institute on the upcoming implementation of the second European Payment Services Directive (PSD2), how we are preparing for the new regulations, and how it will impact customers.
Read the original interview, in German, on EHI Retail Institute.
What is the second European Payment Services Directive (PSD2) and how will it impact customers at GetYourGuide?
PSD2 will come into effect on September 14, 2019. The main intent of the directive is to create a safer and more transparent environment for online payment transactions.
From a consumer, and consequently merchant, perspective, this directive will change the way we shop online since it will require, in most cases, a Strong Customer Authentication (SCA) on all customer-initiated payments. SCA means there will be an extra identity verification step before a transaction is authorized by the bank; for example, using a PIN number sent to your mobile phone or using your fingerprint to complete a payment. It should be noted that the criteria may vary and exemptions can be applied on a case-by-case basis.
How do you stay informed on new PSD2 regulations and updates?
We mostly follow online industry-specific publications, blogs, newsletters, online forums on payment and fraud, and fraud-related updates from GetYourGuide vendors. We also created a small internal channel at GetYourGuide where different stakeholders, mostly from our Payment, Risk, Tech and Legal teams, can share any relevant news and information on PSD2.
Who are you working with both internally and externally to prepare for PSD2?
Outside GetYourGuide, our main contact person is Adyen, our PSP. From day one, they have effectively and clearly communicated the relevance of the new directive and how it will affect merchants and customers alike. Internally, we have a legal advisor who reviewed the new payment directive extensively and prepared the compliance framework for the tech work needing to be done.
Are you planning to implement any Strong Customer Authentication (SCA) exemptions?
Due to the nature of our business model, we will only be able to partially apply exemptions based on transaction value and, obviously, non-EU issued cards.
Do you feel prepared for the launch of the new regulations on September 14, 2019?
Absolutely. As we speak, we have almost completed the implementation of 3DS 2.0 functionality into our payment flow, and we are ready to test it in production. We not only want to leverage the possibility of getting an automatic liability shift from the issuers as of April 2019 (when applicable), but we also want to ensure that, as of September, all these changes will have a minimal impact on our customers' ability to purchase our products. The last thing we want is to ruin someone's holiday because we weren’t prepared.
What are your top 3 key learnings when dealing with PSD2?
As someone who works in Fraud Prevention and Payment, I would strongly recommend getting everyone else in your company up to speed and on board as soon as possible.
When it comes to PSD2, the significance of the changes that will occur as of September, and the consequences for your business, you should make clear to all the relevant stakeholders in your organization that there is no such thing as "over" preparing. Allocating resources well and planning correctly will make all the difference.
As merchants, we should look at PSD2 as an opportunity rather than a threat to our revenue. Customers are normally faster than we think in embracing technology changes, especially when these changes were made with their best interests in mind.
Depending on the size of your company and the complexity of your payment management infrastructure, your PSP point of contact is probably your best friend when it comes to regulatory and technical expertise concerning PSD2. Don't be afraid to ask questions, and ask them as soon as possible.