Guides and reports

PSD2 Authentication: The complete guide

Reduce regulatory complexity and optimise for authorisation success.

Ruben Woelders, Product Manager  ·  Product Manager, Adyen
9 August, 2019
 ·  5 minutes

This article was updated in May 2020

There’s a lot to cover when it comes to regulatory changes. In our previous PSD2 articles, we explored the essentials of this European regulation, key changes that may impact your business, and how our 3D Secure 2 solution helps withstrong customer authentication (SCA).

This time we’re focusing on how our new Authentication Engine feature helps you reduce regulatory complexity and optimises for authorisation success.

With an increasing number of parties (national regulators, banks, schemes, 3D Secure providers) interpreting and implementing PSD2 in different ways, it can all get complicated.

For example, some EU countries have decided on different timelines to start monitoring PSD2 compliance.

These complexities and the ever-changing payments landscape directly impact your business growth. More than anything else in the payment space it affects your authorisation rates due to a wide variety of required checks across sets of compliance, transactional, risk, and issuer data.

Data illustration of person and authentication

Connecting data to give shoppers the best experience

And there’s no 'one size fits all' approach. The profile of each transaction needs to be considered based on its amount, if it’s recurring, local regulations, issuers' authentication preferences, your relationship to your shopper, and more.

So how do you stay compliant, trigger the right checks, optimise for certain behaviors, and ultimately get your payments authorised? It’s simple, you employ smart technology and proven expertise to guide you through it.

How to optimise for PSD2

With PSD2’s regulatory requirements taking effect in most EU countries from 31 December 2020, you’ll already have questions about your payment processing setup. Your payment authorisation rates could be in the hands of a preference of one PSD2 SCA exemption over another. Or it might depend on how strictly a bank is enforcing or monitoring authentication. Or maybe it depends on which 3DS2 version you're on. And what happens if one of these settings change? Which they do, often at the last minute.

Our single payments platform has a much higher threshold of data points (100+) to analyse. This improves the logic we can apply to PSD2 SCA regulation and to optimise for authorisation.

To tackle this uncertainty, we've enriched our optimisation toolkitRevenueAccelerate, by using our machine learning intelligence to assess every transaction, beyond just exemptions. By analysing our platform-wide data, the Authentication Engine can identify insights as the PSD2 landscape matures. Plus, at a bank level, the Authentication Engine monitors, identifies patterns and behaviors, and acts on them in real-time.

For example, if regulation allows, we can skip an authentication process so shoppers aren’t interrupted at your checkout because we can see that a bank authorises a transaction with our3D Secure product. Or, if a bank changes its exemptions preferences we can see almost instantly what works from actual transactions we’re optimising across our merchant network.

This means less friction when the shopper is checking out, and transactions are geared towards the best chance of authorisation, no matter what angle PSD2 comes from.

Get the most out of psd2 authentication

To give you context on the complexity of the authentication process around PSD2, as well as show you how with Adyen, you have all your bases covered, we have outlined a range of parties that have different responsibilities surrounding this regulation. These either dictate the way a transaction is treated, or directly impacts its authorisation success.

Further down, we also outline example flows of this authentication decisioning, so you can see it put to practice and the benefits specific to your business.

National Regulators of EEA countries

Illustration of people
Layer of complexityAdyen Authentication Engine
Have autonomy to interpret and enforce PSD2 in different ways. Some may be stricter than others making the application of this regulation different country by country.Completes 3D Secure only if mandated at that point in time, otherwise skips.

European Banks

Illustration of a bank
Layer of complexityAdyen Authentication Engine
Will implement PSD2 based on their national regulators stance. Each bank may have a slightly different exemption appetite (ie. prefer one type over another) or level of 3D Secure readiness and interpretation of scheme rules compared to other banks within that country.Triggers frictionless checkout with liability shift.

Optimises across 3D Secure 2.2, 2.1, 2.2, 1.0 or none.

Picks the ideal exemption path to achieve authorisation while minimising checkout friction.

Card Schemes

Illustration of cards
Layer of complexityAdyen Authentication Engine
Have certain PSD2 rules and regulations that differ from other schemes. Provide national banks with guidance and technical solutions.Finds the best path to reach the issuer in the most seamless way.

Non European National Banks (Out of PSD2 scope)

Illustration of buildings
Layer of complexityAdyen Authentication Engine
Not mandated by PSD2 but may require 3D Secure authentication based on the type of card (ie. Brazilian debit cards) or for transactions undertaken in specific countries with a higher risk settings.Optimises for global authentication requirements.

You can also configure certain authentication rules specific to your business needs.

Optimised Authentication Engine flows

Skip authentication

Business benefits:Reduction in costs, less checkout friction, and faster authorisation.

Skip authentication psd2 authentication flow

The bank is not yet enforcing PSD2 SCA. Even if you send supporting data that meets 3D Secure standards to us, we would skip this authentication step and route the transaction through a 'No 3D Secure flow'. Your shopper will not experience an unnecessary challenge and the speed of checkout is increased. You'll always have control, as you can set rules tailored to your business needs. And, where regulation mandates, we will always meet 3D Secure standards and route accordingly.

Liability shift

Business benefits:Reduction in checkout friction, increased authorisations, and optimised chargeback liability.

Liability shift psd2 authentication flow

The bank does not yet have 3D Secure 2 but you are 3DS2 ready. To avoid any chance of an unnecessary challenge for your shopper, we would send 3D Secure 2 supporting data to the bank to prove your readiness. This shifts chargeback liability to the bank and helps to reduce the impact of a chargeback for you.

However, some banks may behave differently and choose not to authorise in this situation. We will always route your transaction across the route that has the best chance of authorisation, meets bank's preferences, and is friction-free for shoppers.

Optimise for exemptions

Business benefits:Reduction in checkout friction, increased authorisations, less costs, and faster authorisations.

Optimise for exemptions psd2 authentication flow

The bank grants exemptions at the point of authorisation rather than at the point of authentication. Depending on a banks preference for certain exemptions, we would pick the best route.

For example, a bank may prefer full 3D Secure authentication even if the transaction fits an exemption (say for a low value exemption (<€30) )if presented in this way, you may experience faster authorisation.

Next steps for authentication

Over time we’ll see more changes as PSD2 authentication needs mature. Outside Europe, in Australia for example, industry parties are in consultation phases for SCA frameworks, suggesting that other countries will soon follow with more authentication rules.

If you’re using the Adyen platform, our 3D Secure product,Acquiring, and Authentication Engine have you covered for today, tomorrow, and whatever comes up in the future. We’re always here to help too, so if you have any questions around these regulations and our products, doget in touch.

Explore further

PSD2 SCA compliance and implementation guide

The European regulation mandating strong customer authentication will come into effect starting September 14, 2019. Read our PSD2 guide to learn more.

PSD2 Guide


Fresh insights, straight to your inbox

Subscribe to email alerts

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.