The Payment Services Directive: What charities need to know
This September new EU-wide legislation – Strong Customer Authentication (SCA) – is going to be implemented which will impact on online payments and donations. Every charity that takes online payments should be aware of what’s coming. Sam Boyle, Policy and Information Officer, provides an indication of what this might mean for fundraising.
What is it and what’s happening?
As online payments and card transactions grow year on year, the need for those payments to be safe and secure increases too. When you make an online payment you probably have noticed at least one of the following: ‘pop-up’ boxes to choose, a password to put in, or a ‘unique identifier’ to confirm the transaction. These are all there to prove that ‘you’ are you, and therefore authorising the payment to help avoid fraudulent transactions.
The process is called ‘Customer Authentication’, and new legislation is on its way that will change how this will work. The revised Payment Services Directive (PSD2) is already in force (as of 13 January 2018), with new requirements for Strong Customer Authentication (SCA) effective in the UK market from 14 September 2019.
This SCA legislation introduces a whole set of enhanced security measures that implement additional customer authentication processes to complete purchases, and which Payment Service Providers (PSPs) will be required to adhere to. The SCA requirements will apply where a customer either (a) accesses their account online; (b) initiates an electronic payment transaction; or (c) carries out any action through a remote channel which may imply a risk of payment fraud of other abuses.
When making an online payment, customers will need to submit two pieces of information, from two separate categories during the payment process, that are bespoke to them – i.e. something the customer knows, something they possess and something they are.
The legislation requires everyone in the payments value chain to implement SCA.
In reality this covers all electronic payment types and brings into scope, the full-range of donating channels that charities use as part of their fundraising ‘mix’ (e.g. PoS, in-app, ecommerce & messaging) however, it does not apply to direct debits.
Why do charities need to know about this?
If a donor or supporter makes a donation through your website, or an intermediary, then they may have to go through more authentication steps than those previously required, to prove who they are.
It will apply to donations and to sales (buying products or paying for a charity’s services) so it isn’t just about fundraising – it covers an array of transaction types.
Payment Services Providers will bring in the changes so charities don’t need to think about how they need to authenticate payments, but the full impact of SCA and on the wider charities sector is still unclear.
At the very least charities should be being made aware that these changes are happening, and to start thinking as to what this means for the donating experience more generally. For example, they could take longer, and require more effort on the part of the supporter, by adding more ‘friction’ into the giving experience.
Charities should prepare for this to ensure future fundraising strategies are aligned, as far as possible, while understanding the implications but also the opportunities to take advantage of a number of listed ‘exemptions’.
Who should be being made aware from a charity’s perspective?
Both Fundraising Directors and Finance Directors should be fully aware of these regulatory developments.
All of which comes at a time when the behaviours of donors are changing, becoming accustomed to the experience that the digital economy has ushered in, where merchants have invested heavily in streamlining the purchase and payment process; providing a wider societal expectation that electronic payments should be secure, convenient and made accessible to all.
UK Finance is reaching out across a range sectors that are likely to be impacted so as to raise awareness, and help signpost what’s coming, helping those organisations to prepare accordingly. It is also working with us at the Institute of Fundraising, as supported by Open Creates, to help bring charities together to discuss an important and salient topic that the third sector should be taking heed of.
To find out more, and better understand how this fits, and impacts, upon the future of digital fundraising a free event will be hosted by Osborne Clarke on Wednesday 20 March 2019.
Sam Boyle, Policy and Information Officer, Institute of Fundraising