Ignorance: the worst enemy to comply with digital payment regulations.

European payment regulations, whose objective is to reduce fraud in online transactions, causes social alarm among SMEs who are unaware that they are not responsible for changing their payment systems.

Ignorance: the worst enemy to comply with digital payment regulations.
Ignorance: the worst enemy to comply with digital payment regulations.

The entry into force of the Data Protection Law a little over a year ago was a challenge for the companies they had to face, being forced to update themselves to comply with it. It is not the only challenge they have encountered.

Digitization is another test they have to overcome. In particular, SMEs need a boost, as many lack a roadmap, economic resources, or effective leadership to undertake this change. The transition to a digital company is a long road in many cases. However, on the path to achieve this goal, another fact arises related to it that many insist on qualifying it as a new "challenge."

Do you have an online business based on electronic commerce? If the answer is yes, do you know the new payment regulations that took effect on September 14? The maximum that pursues this regulation, called PSD2, is to protect the consumer in the payments he makes on the Internet. In addition to reducing fraud and phishing, it seeks to improve the customer experience, and thus increase conversion rates.

Fraud is one of the great scourges of the Internet.

Therefore, the PSD2 and, more specifically, one of the most outstanding standards, Strengthened Customer Authentication (SCA), encourages the most notable change. What does this translate?

Until now, to make an online purchase, the card number and the three numbers on the back (CVV) were sufficient. Now, the user to prove their identity will have to choose at least two of these three factors. The first is something that the user has(a mobile phone, that is, the user receives an SMS PIN to the associated phone number in their bank account and thus confirms their possession or card). Something they know (a password) and something the user has (facial recognition, iris or fingerprint).


The complexity of the regulations is one of the main problems, which affects companies that are not clear about their obligations. The lack of resources requires an investment that "sometimes, the SME is not in a position to do or is not willing to do so," together with a certain "reluctance" by consumers when facing new forms of payment when distrusting the security of the process.

"Companies do not feel prepared to ignore the repercussions, even if they use a payment provider they have had to update their technical integrations in addition to knowing the repercussions on the UX and conversion rates," says Borja Santos, CEO of Stripe Iberia

Given this lack of information, the Bank of Spain established a period of the moratorium in its application, in line with the recommendation of the European Banking Authority (ABE). Still, a few days ago, it set a deadline until December 31, 2020, to adapt its systems to the requirements of the European directive.


The main ones affected by the regulations are going to be the banking entities, which should allow access to the data of their clients to the providers of payment services.

What is your task as an SME? If you are an e-commerce manager, your responsibility is to make sure you contact the provider of your payment gateway. (PayPal, Mastercard, for example) or your bank to find out if it complies with double authentication and checks if more adjustments are necessary for the process of buying your website.

"In general, as electronic commerce, I do not manage payments; I have a payment platform that is a virtual POS that belongs to a bank," says Masaltos.com CEO Antonio Fagundo. He adds that they, as merchants, do not affect them; they do not have to do anything to adapt. "What we are doing with this directive is to put many more restrictions on banks and credit institutions so that the payments are more transparent and at the same time opens the range so that new third parties can enter the market and thus a greater offer. So we will have smaller commissions SMEs," he concludes.

Let's give an example, how does it look from the perspective of a hotel business? "For the owners of small hotel companies, implementing this regulation can be a challenge, mainly due to the innumerable payment possibilities offered by this sector when booking a room, adapting to a single method would be complex. Hoteliers need to make sure to review their payment processes and identify which could be affected by enhanced client authentication. Once done, they should apply enhanced authentication in which it is easier to integrate this measure," explains the regional director of Spain for SiteMinder, Marco Rosso.

With the SCA, the risk to a business like this is that transactions that do not meet the requirements will be rejected, and there may be a decrease in reserve conversions, occupancy, and income. However, Rosso insists that "there is no need to fear the regulations, online payments require an additional step to complete, but with the right technology, this process should not be a problem or complication."

In addition to maximizing payment security, the financial sector also opens up for technology companies to work in collaboration with banks, providing a different vision. 


Popular posts from this blog

Google Maps has a practical real-time map so you can follow the global progress of the coronavirus.

Evan Blass filters the supposed final design of the Huawei P40 Pro: like a Galaxy S10 + with more cameras.

Nvidia GeForce Now comes out of beta: a rival for Stadia with a free plan now available to everyone.