PSD2
Learn about the changes resulting from PSD2 and what you need to observe as a merchant

Objectives with introduction of PSD2

New developments

Payment institutions

Payment institutions like Unzer are to be granted access to bank data and bank accounts. The basic premise behind this decision is that the data and accounts are actually owned by the respective account holders and not by the banks. Express authorisation must then be granted by the respective account holders for payment institutions to retain access to the bank accounts.

Bank accounts

Access to the bank accounts should allow a network of both new and existing solution providers to be established. The new solution providers will primarily be account information service providers (AISPs) and payment initiation service providers (PISPs).

Fees

The rules on payment fees are also being revised. Accordingly, companies such as organisers/promoters or airlines will no longer be allowed to charge extra credit card fees.

Customer protection

Customer protection is also being strengthened. The goal with Strong Customer Authentication (SCA) – also known as two-factor authentication – is to make misuse of data significantly more difficult.

3DS

In order to comply with the requirements of PSD2 when processing credit card payments, there is a new version of 3D Secure. This is for example known as "Verified by Visa" or "MasterCard Identity Check" in the card networks.

Unzer Service

Unzer has integrated the future service in such a way that no difference from the current 3D Secure can be technically determined.

What you now need to observe as a merchant

Modules

If you are using a module from Unzer or Heidelpay, you are already well prepared. However, we still recommend performing the following to be absolutely sure:

• An update of the module
• Testing of 3D Secure in the current test system

Call up Test data

iFrame

If you are not using an iFrame, but are integrating as follows:

• Charges or reservations are submitted via XML (requires an up-to-date PCI certificate)
• Charges or reservations are submitted via SGW POST (requires an up-to-date PCI certificate)
• Charges or reservations are submitted via NGW POST without frontend parameters (requires an up-to-date PCI certificate)
• As a general rule, we always recommend integrating our iFrame

Learn more about Unzer iFrame

Subscription models

If you are using referenced bookings that refer to an initial registration (REG) (this is the case with subscription models, yet also with recognition in the shop)

• In future, more information will be passed on to the card issuers via the interfaces. However, this information already comprises mandatory fields in our interfaces anyway, meaning that there is no extra work for you here

Download Guide Abo

Integration

If you are using direct integration but do yet have 3D Secure, we recommend performing testing on our test system to determine whether the current integration already works with 3D Secure.

Call Up test data

Integration guide 3DS

Two-factor authentication is being made compulsory for all payment transactions on the Internet from January 1, 2021 onwards. The operators of the credit card networks use the so-called 3D Secure process to meet this obligation. As a merchant, you must therefore make absolutely sure that you can perform this process for your customers from January 1, 2021 onwards. The following provides a description of the various integration options.

Download Guide 3DS