17 August 2020 - 3 min Reading time
Making purchases online? That is convenient and easy. It has also become a habit for many Europeans. But these remote purchases must be able to be validated and paid for in a simple and secure manner.
That is why the second European directive for payment services (Payment Services Directive 2 or PSD2), which came into effect in 2019, has created a legal framework for safer payment transactions for consumers and merchants. New rules were developed to provide customers with extra protection when making online card payments. For example, from January 2021, the principle of 'strong customer authentication' will apply.
This means that a consumer must authenticate himself when purchasing a product or service online. For example, with the exception of transactions with a low risk of fraud, it will no longer be possible to make an online purchase by simply providing the bank card number and the code on the back (CVC code).
Strong authentication is already the rule for many daily purchases: when we use our bank card, we also have to enter the PIN code to validate the transaction. Contactless payments are an exception. No PIN code must be entered for payments up to 50 euros per transaction (and 100 euros cumulatively).
In order to apply the new security rules from January 1, all web shops and online operators in Europe must ensure that they have a compatible system.
The Belgian banks, in consultation with the National Bank of Belgium, have drawn up a plan with a view to a coordinated transition. This planning provides for a gradual implementation of the new rules for strong authentication for online purchases. This way, traders who also work online in Belgium can prepare in time.
From August 25, 2020: refusal of amounts higher than 1,500 euros that do not comply with the new regulations.
September 22, 2020: the threshold is lowered to EUR 250.
October 19, 2020: the threshold is lowered to EUR 30.
November 17, 2020: the threshold is lowered to EUR 0.
August 25, 2020 is therefore the first milestone in this planning, with the threshold being EUR 1,500. Online websites and traders, both in Belgium and abroad, must therefore adapt their systems to comply with the European directive. If this does not happen, they risk that the banks will refuse payments that do not comply with the new security rules.
We therefore recommend that merchants contact their payment system provider to check if any changes are required. However, strong authentication for online payments is already well established in Belgium, so many merchants are already in compliance. This is often less the case with foreign online merchants, who have until now been less familiar with strong authentication.
Customers will hardly notice the changes when making their online purchases, as we are already very familiar with strong authentication in Belgium. However, they may be asked to confirm the payment again if secure validation has not yet been provided. It is of course essential that the supplier has brought its payment system into compliance with the new rules.