The Silicon Dales Guide to PSD2


The Silicon Dales Guide to the Payment Services Directive (EU) 2015/2366 introduces the main ways in which PSD2 will affect online retail, specifically through WooCommerce. The EU has produced a really good helpsheet here.

PSD2 entered into force on 13th January 2018.

The purpose of PSD2 is to increase competition and security. It will achieve this by opening up new methods of payments and information processing via bank accounts and by enforcing higher standards of fraud protection.

This will almost entirely affect payment service providers rather than merchants, though merchants should be aware of the new environment.


Card fees for payment “surcharges” are banned.



New Strong Customer Authentication for Online Payments

One-Time-Passcode’s, or OTP’s, will be introduced for all online payments.

“For online payments, security will be further enhanced by linking, via a one-time password, the online transaction to its amount and to the beneficiary of the payment. This practice ensures that in case of hacking, the information obtained by a potential fraudster cannot be re-used by for initiating another transaction. This procedure is already in application in countries such as Belgium and has led to significant fraud reduction for online payments.”

SCA Timing

OTP’s for online payments will be introduced from September 2019:

“The use of SCA will become mandatory 18 months after the entry into force of the RTS, i.e. once the RTS is published in the Official Journal of the EU, scheduled for September, 2019.”


PSD2 will also crack open bank accounts for new payment services to emerge. Common data formats will be introduced to enable other providers to work with bank data, but more importantly the consumer will be able to pay online for a product or service with a simple verified bank transfer direct to merchant, rather than a card payment through a payment gateway.

From the banks’ perspective, PSD2 places a higher emphasis on the data rights of EU citizens and their right to use their (banking) data elsewhere, in line with GDPR.


The main change for Marketplaces is they may need to apply for a payments licence unless they are using an alternative such as Stripe Connect.

The most common application for this in the WooCommerce space will be those using WooCommerce Vendors.

There’s a good explanation of where the regulation applies from Stripe, below, but basically if you handle payments from a consumer to a merchant, you may need to apply for a payments licence.

Stripe Connect

In response to PSD2 Stripe Connect provides an alternative to payments licencing by handling funds on behalf of the platform.

“Platforms can only avoid becoming a licensed and regulated business if they do not possess or control funds and, instead, rely on a licensed payment service provider.

The commercial agent exemption is now only available when a commercial agent very clearly acts on behalf of either the payer or the payee but not both. If acting for both, a Platform is only able to avoid a licensing requirement if it does not possess or control funds (i.e., relies on a licensed payment service provider to do this).”

Help with client payments

For assistance integrating WooCommerce Vendors with Stripe Connect, or for help toggling your Stripe settings for WooCommerce, contact Silicon Dales today.

Leave a comment

No links of any kind allowed in comments - if you add any links, your comment will automatically be deleted.