All about PSD2
The second Payment Services Directive or PSD2 is a European law which makes electronic payments when shopping or banking online more secure
It aims to make payments safer, increase consumer protection and continue to promote innovation and competition while maintaining a level playing field for all parties.
While some elements of the PSD2 legislation have applied from 13th January 2018, the next phase introduces added security rules referred to as Strong Customer Authentication (SCA) which will see some changes in how you bank and shop online. From 1st January 2021, when you use your card for online transactions you may be asked to verify your identity using at least two factors of identification.
At KBC, we are working to ensure your accounts stay as safe as possible while ensuring your online shopping continues in a convenient way. So that you remain protected, we’ll be getting in touch with all KBC Debit Card and Credit Card Holders before the end of the year to let you how to set up a second factor of authentication. This will be in addition to the One Time Password you’re often required to input when making an online purchase.
Strong Customer Authentication (SCA)
The aim of SCA is to increase security for electronic payments through the introduction of two factor authentication. This is a security process where you may be asked to verify your identity in two different ways - such as with a PIN or a fingerprint.
SCA will be used when accessing online payment accounts or making payments online. KBC already use Strong Customer Authentication, however with PSD2 it will be used more frequently to provide enhanced security such as when viewing your statements in the app.
Your identity will be authenticated using at least two of the following:
One Time Passwords (OTP) are already in use and before the end of year we’ll be telling KBC Debit Card and Credit Card Holders how to set an “e-commerce PIN” on your KBC Mobile App or Online. Once set, your e-commerce PIN, along with a One Time Password, will be used to verify your identity when you make online transactions with your KBC Debit or Credit card.
- Knowledge – something only you know e.g. your eCommerce PIN
- Possession – something only you have e.g. your card reader or mobile phone
- Inherence – something you are e.g. your fingerprint
The requirement for you to have a second factor of authentication will come into force on 1st January 2020.
If you do not set your eCommerce PIN before 1st January 2021, it could impact your ability to complete online transactions with your KBC Debit or Credit card.
Open Banking allows customers use the services of regulated Third Party Providers (TPP) to provide the following:
1. Payment Initiation Services
When buying online from a retailer, you’ll be offered the option to pay directly from your bank account, using an authorised TPP, instead of entering your debit or credit card details. TPPs who offer this service are known as a Payment Initiation Service Providers – PISPs
2. Account Information Services
This allows you to use the services of an authorised TPP to help you manage your accounts in a clearer and better manner. TPPs who offer this service are known as an Account Information Service Providers – AISPs.
If you choose to use these services, you’ll need to give explicit consent to the TPP. You choose the services that a TPP can provide, and you can always revoke consent at any time.
You’re in control.
All TPPs are regulated by the Central Bank of Ireland or by the National Competent Authority of their home European Union state. This means that these TPPs are subject to strict security and data protection laws, similar to KBC. KBC will always check that the TPP is regulated before they grant access to them.
Before you give consent, you can also request information from the TPP, confirming they are a regulated entity.
Open Banking will allow KBC customers to securely and conveniently view their account information, balances and transactions from other banks from within their KBC Mobile App! Open Banking is made possible by PSD2.
For more information on PSD2 you can view the European Commission PSD2 Factsheet (pdf, 83KB)