OVERVIEW: COMPLYING WITH

PSD2

CONTENTS1. What is PSD2?2. What is SCA and why is it important?3. What are two-factor authentication and 3DS?4. What are the differences between 3DS and

3DS v2 and why are they important?5. How will Zuora help my organization comply?

What is PSD2?PSD2 is an extensive revision of the European Union’s “Payment Services Directive” regulations

PSD2 Objectives

● Standardize regulations and integrate the market for payment services across EU countries

● Ensure fair competition and transparency● Opens payment services ecosystem and reduces bank monopoly

on providing services by mandating that, upon account holder consent, they make account data available by API to third-party service providers

SCA stands for Strong Customer Authentication

SCA is one of the mandates of PSD2 and requires that merchants use two-factor authentication to reduce the risk of fraudulent transactions

As a growing number of transactions take place online, especially on mobile devices, SCA will help to

● make it easier for customers to pay ● reduce the risk and cost of payments fraud

What is SCA and why is it important?

Two-factor authentication (2FA) is a way of confirming a user’s identity by validating information from two or more of the following categories:

1. Knowledge - Something they know (e.g. user id / password)

2. Possession - Something they possess (e.g. security token, one-time code from SMS/e-mail, secret code, etc.)

3. Inherence - Something they are (e.g. biometrics)

3DS stands for 3D-Secure, an open standard used by major credit card brands to authenticate cardholders to prevent fraudulent payments

3DS is one of the primary ways for Payment Services Providers to

comply with the SCA mandate.

What are two-factor authentication and 3DS?

3DS vs 3DS2 - Why are the differences important?3DS v1 3DS v2 So what?

For payment cards only

Also supports mobile and digital wallets

Greater flexibility and support for mobile e-commerce

Designed for desktop web

Streamlined for mobile interaction models/devices

3DS2 adoption expected to be greater because it is easier to use

Requires 3rd-party pop-up screen to authenticate

No 3rd-party popup screen The authentication popup screen adds friction to checkout process. It also looks like a phishing attempt to an unsuspecting user.

Higher false declines Modified authentication flow reduces false declines

Customers likelier to abandon transaction or use a different payment method

No merchant opt-out or exceptions

Lower-value transactions exempted from validation, depending on merchant’s fraud rate

Greater flexibility and alignment of the protocol to the risk of a particular transaction

10 data points captured

Up to 150 data points captured Issuer can make better decisions about the validity of the transaction with more data, preventing both fraudulent transactions as well as false positives

Zuora provides seamless integration with your payment gateways, simplifying and automating collections

As part of your comprehensive PSD2-compliant solution, Zuora intends to provide the following:

1. SCA-compliant implementation of 3DS (3DS v2)2. 3DS support extended across applicable payment

gateways3. Hosted Payment Pages updated to support

enhanced 3DS, where applicable

How will Zuora help my organization comply?

1. Update your HPM page configurations*

2. Update your gateway configurations to use a version that supports 3DSv2. Note: Some integrations may support 3DSv2 without requiring an update.

What will I have to change in my tenant?

*Note: Initially, we will support3DSv2 via embedded iFrame only. Direct POST support will come later. If you are currently using the Direct POST profile for HPM, you will need to adopt the embedded iFrame profile temporarily.

Thank You!