PSD2 compliance
Starting September 14, 2019, the European Union requires that all merchants in the EU and UK comply with the Strong Customer Authentication (SCA) requirements of the Payment Services Directive (PSD2). Merchants in all other countries are encouraged to comply with PSD2 as a best practice.
Strong Customer Authentication is a key component of PSD2, and requires two of the following:
- Something only the customer has (password or PIN)
- Something only the customer knows (unique security token generated by phone or key fob)
- Something only the customer is (biometric authentication such as a fingerprint or facial recognition)
European banks may decline payments that do not meet the requirements. However, low risk and low value transactions might still be accepted, and subsequent payments in a recurring subscription.
Due to this significant change and to ensure that customer payments are not declined, Adobe introduced the following changes and recommendations for native Commerce payment integrations.
Note: To comply with PSD2 using the core integration in previous releases, do one of the following:
- (Recommended) Install the official Braintree payment integration extension from Adobe Commerce Marketplace.
- Enable and configure the Braintree payment method in the Commerce configuration.
These earlier core integrations support 3D Secure 2.0 verification. However, Braintree implementations that run on JavaScript SDK v2 do not support 3D Secure 2.0.