New rules for online commerce are coming into effect 14 September
According to the Association of Danish Internet Commerce (DFIH) 14 September 2019 will be a fateful day. It is on this day that the last part of the EU Payment Directive PSD2 comes into force. The directive sets, among other things, greater requirements for customer authentication (SCA) and thus requirements for online stores online payment systems.
Update
There has been a development in this case. Read all about it here.
Higher requirements on customer authentication - safer online trading
The PSD2 rules from January 2018 aim to make electronic payments safer and avoid cases of abuse. Requirements for strong customer authentication involve two-factor authentication when making payments over the internet. The rules will affect businesses and traders engaged in online commerce.
The consumer must go through at least two of the following elements when approving an online payment:
- Something the consumer knows (e.g. a password)
- Something the consumer has (e.g. a credit card)
- Something the consumer is (e.g. fingerprint)
From 14 September 2019 the web shops must be arranged so that the consumer must approve a payment with at least two factors, for example payment card and a confirmation code on SMS.
In recent months, FDIH has been trying to postpone the rules to enable the online stores to implement the right technical solutions, but the Danish Financial Supervisory Authority maintains the deadline on 14 September 2019.
According to FDIH up to a third of all payments after 14 September 2019 are likely to be rejected as two-factor approval is not possible.
Which payments are covered by the rules?
Not all online payments are covered by the new rules. Small payments under 30 Euro (DKK 225) will be exempt from extra approval. However, a two-factor approval must be made for every five transactions or where the total amount for several small payments exceeds 100 Euro.
In addition, fixed price subscriptions or recurring payments of the same amount to the same beneficiary are also exempt from the two-factor approval. Except for the first payment.
Failure to comply with the new rules
As a business, you will be liable for any losses incurred in connection with any abuse if the rules cannot be complied to. In addition to this, the financial companies, and other players in the payment flow, have the right to reject payments that have not been made with two-factor approval and therefore one can risk losing their payments.
IUNO's opinion
At IUNO we believe it is important for internet businesses to ensure that their online payment solution is ready for 14 September 2019. It is therefore important that companies contact their credit card acquirer or payment solution provider and inquire about the technical implementation of the rules.
Update
There has been a development in this case. Read all about it here.
Higher requirements on customer authentication - safer online trading
The PSD2 rules from January 2018 aim to make electronic payments safer and avoid cases of abuse. Requirements for strong customer authentication involve two-factor authentication when making payments over the internet. The rules will affect businesses and traders engaged in online commerce.
The consumer must go through at least two of the following elements when approving an online payment:
- Something the consumer knows (e.g. a password)
- Something the consumer has (e.g. a credit card)
- Something the consumer is (e.g. fingerprint)
From 14 September 2019 the web shops must be arranged so that the consumer must approve a payment with at least two factors, for example payment card and a confirmation code on SMS.
In recent months, FDIH has been trying to postpone the rules to enable the online stores to implement the right technical solutions, but the Danish Financial Supervisory Authority maintains the deadline on 14 September 2019.
According to FDIH up to a third of all payments after 14 September 2019 are likely to be rejected as two-factor approval is not possible.
Which payments are covered by the rules?
Not all online payments are covered by the new rules. Small payments under 30 Euro (DKK 225) will be exempt from extra approval. However, a two-factor approval must be made for every five transactions or where the total amount for several small payments exceeds 100 Euro.
In addition, fixed price subscriptions or recurring payments of the same amount to the same beneficiary are also exempt from the two-factor approval. Except for the first payment.
Failure to comply with the new rules
As a business, you will be liable for any losses incurred in connection with any abuse if the rules cannot be complied to. In addition to this, the financial companies, and other players in the payment flow, have the right to reject payments that have not been made with two-factor approval and therefore one can risk losing their payments.
IUNO's opinion
At IUNO we believe it is important for internet businesses to ensure that their online payment solution is ready for 14 September 2019. It is therefore important that companies contact their credit card acquirer or payment solution provider and inquire about the technical implementation of the rules.
Receive our newsletter
Aage
Krogh
PartnerSimilar
The team
Aage
Krogh
Partner
Aurora
Maria Thunes Truyen
Junior associate
Caroline
Bruun Ibsen
Senior legal advisor
Josephine
Gerner Amaloo
Legal assistant
Karoline
Skak Kristensen
Legal assistant
Mai
Haaning Kristensen
Legal assistant