Shops are poorly prepared for a more secure payment system

Merchants are still poorly prepared for the payment system that must be implemented on September 14 under the directive known as PSD2, which will make transactions more secure for the customer through a double authentication system.

The PSD2 directive, for its acronym in English, seeks to reduce fraud in card payment by applying two different security elements, to choose between possession (of the card or mobile), knowledge (a pin), and the inherent (the fingerprint or the iris, for example).

This is a European standard transposed to the Spanish law in 2018, whose development regulation establishes September 14 as the date of implementation, although companies, especially small and medium-sized companies, consider that an extension will be necessary because 75% of the stores that sell on the internet are unaware of the regulations, according to a Mastercard study.

The double authentication of the client will be necessary both to make payments online and in physical stores, although some exceptions have been established in purchases of reduced amount to expedite this type of payment.

This will be the case, for example, in toll payments with applications such as "Vía T" or those for amounts less than 20 euros. In these cases the consumer can make up to five payments without authenticating or up to a limit of 150 euros in total.

Double authentication is already done in some cases, such as when you have to add a pin when paying by card, but now it will be extended to all, and the current route of purchase confirmation will disappear with a code that the user receives by SMS because it does not meet that requirement to prove identity twice.

The application of the directive will speed up payments because the customer pays directly to the store, as if it were a direct transfer, eliminating the intermediate step of the payment platform, for which banks have to open their services to third companies.

Until now, when an online purchase is made, the merchant has to resort to intermediaries such as electronic payment providers, who then contact the card company, which is the one that finally charges the payment in the account of the client.

Then, the payment methods will be faster, without the need to "jump" from one page to another, which for the trade will result in a higher conversion rate (percentage of online purchase operations that comes to an end) and that Now it is lower because in those jumps the consumer gives up the purchase.

The directive also implies a radical change in the relationship between payment service providers and customers and regarding the use of the data, since banks will be obliged to give access to their customers' accounts to third parties if requested headlines.

In this way, a third party can offer you services to manage your finances without going through the financial entity and could, for example, add all the accounts of a client of different entities in a single application.

With these new powers, financial service providers must become regulated entities and will be subject to the supervision of the Bank of Spain.

The directive reinforces the security for the customer also in case of unauthorized use of their cards, because it reduces from 150 to 50 euros the amount that the consumer must assume if it has been subject to fraud or theft.