PSD2 (PAYMENT SERVICE DIRECTIVE 2) THE NEW EUROPEAN REGULATIONS FOR ONLINE PURCHASES

Dear Customer,

We would like to inform you about important changes concerning online payments.

Starting from September 2019, the new European regulations that apply to online payment services (credit cards) and the providers of these services, came into force. The 3D Secure method is a security protocol that increases safeguards when paying via credit card online.

With this new system, the customer confirms electronic payments with a password, a transaction number or a biometric recognition system. The system chosen depends on the bank; for example, many banks have set up a specific App or developed a code generator system.

This way, a potential attacker can no longer make purchases alone using stolen credit card details such as a card number or a PIN.

What is the PSD2 system?

The PSD2 system (short for Payment Service Directive 2) is a regulation issued by the European Union and implemented by all national governments in regards to online payments. The way in which the new identification is declined specifically depends on the individual bank and cannot be influenced by the online store. The process aims to further protect consumers in using online payment services and tries to demonstrate that behind each credit card payment there is the owner of the card. For you as a customer, online payment is even safer!

According to this legislation, there are three types of authentications required:

1. Something I know: for example, a password or a PIN that only I know

2. Something I have: for example, a smartphone, a smartwatch or a Token

3. Something that I am: for example, a fingerprint or facial recognition (eye scan)

For each payment it is mandatory to use two forms of identification that are different and separate from one another.

In order to continue to guarantee the convenience of online shopping and to minimize the complexity of customer verification, some exceptions and special regulations have been agreed on.

• for small amounts with a purchase value of less than €30 no advanced authentication is required at the moment

• recurring payments, such as the monthly amount for an online subscription, are not subject to the PSD2 procedure

• there is the possibility of a fixed authentication, which can be done by adding OIC Group to the list of trusted operators that is reported to your bank (also called whitelist); this way it is identified by the customer as reliable and the procedure is no longer required for each new purchase. However, this option is not guaranteed for all credit cards and is subject to the approval of the card issuer, which must agree to identify a certain retailer as "safe".

For more information on these procedures and to find out how these rules have been implemented by your bank, we advise you to contact your bank directly.