PSD 2 is a new EU directive designed to increase the security of digital payments. This includes, among other things, that credit card payments initiated online should be made secure with additional measures. The directive came into force on 14 September 2019 and will only apply to Steady members who pay by credit card (between 10% and 20% of members, depending on the publisher).
What does this mean for members?
This applies to people who sign up for a new membership with a publisher on Steady, as well as existing members for whom a monthly or annual membership fee is due to be debited.
New members: New members who sign up with a Steady publisher and pay by credit card may be required to undergo a one-time additional authentication process with their bank or credit card provider. Not every new member will be affected. This process varies from bank to bank (see below for details). In any case, the procedure will be seamlessly integrated into the Steady payment process.
New members of publications with a 30-day trial period: People who complete a 30-day trial membership and wish to pay by credit card may also need to go through the new authentication step. It may happen that Steady reserves one euro (or a comparable amount in the respective local currency) on the credit card and immediately releases it again. This step may be necessary to perform authentication.
Existing members: Existing Steady members will have their membership payments debited monthly or annually, as usual. Should this fail due to a lack of additional authentication, the affected members will receive an email from Steady asking them to perform the authentication so that their membership can continue seamlessly. This email will be sent if Steady tries to make the usual debit, but it does not work due to the new policy. There will be a link in the email. If the member clicks on the link, they must log in to Steady. Then they will be taken through the authentication procedure once, during which the credit card details need to be re-entered (see below for details on the procedure). Once the authentication is complete, Steady will try to charge the credit card again. This retry will happen automatically, but it may take a few days for the retry to occur. If the member does not respond to the email, Steady will send up to 4 more emails at different intervals until a maximum of 28 days have elapsed. If the member has not re-authenticated by then, Steady will terminate the membership.
What does this mean for publishers?
Publishers don't need to take any action, because Steady takes care of all the measures necessary to comply with the PSD 2 directive. Publishers should be aware, however, that they may receive an increased number of requests for help or clarification from members. Publishers can refer their members to this page, which contains all the information about the new policy. Steady is also ready to support members at support@steadyHQ.com.
Since Steady gives affected members 28 days to authorize their credit cards and can only transfer money that has been collected to publishers, it is possible that individual membership fees may not be transferred to publishers until the following month if they do not reach Steady on time. It is also possible that individual members use the prompt to authenticate their credit card as an occasion to change to another payment method (PayPal or direct debit), or do not authenticate at all, which would lead to a cancellation of the membership after several email reminders from Steady.
What does this additional authentication procedure look like?
The bank or provider that issued the credit card decides which information is required for authentication. Among other things, it is possible that they request that the card holder:
Re-enters their credit card data
Enters a PIN sent via SMS or an app
Or, that they reserve one euro (or a comparable amount in the respective national currency) on the credit card, which will be released immediately.
Background
Among other things, the EU's second Payment Services Directive will regulate payment on the Internet and primarily affects credit card payments. But there is no reason to panic: Members can still support their favourite projects on Steady without any problems.
But to ensure that transactions continue to run smoothly and membership fees reach publishers, members paying by credit card in particular will need to adapt to the new directive. It is best to obtain information from your bank in good time and set up the new procedure for secure online payment for your credit card as early as possible.
What does the EU directive regulate?
The new Payment Services Directive (PSD 2) provides for increased security precautions for payments on the Internet. In future, strong customer authentication (SCA) will be required for transactions.
Anyone who wants to pay with a credit card on the Internet will have to prove their identity with two security factors in the future. Previously, one factor, such as a password, was sufficient.
There are three categories of security factors: knowledge, possession and inherence (personal or physical characteristics). When paying, identity must be proven with one factor from each of two of the three categories.
Knowledge | Possession | Inherence |
Password | Smartphone | Fingerprint ID |
PIN | Credit card | Facial recognition |
A strong customer authentication could therefore look like this: When paying, you enter a password and additionally confirm the transaction with a transaction authentication number (TAN), which is sent to your smartphone via SMS or an app.
The procedure for strong customer authentication is called 3DS 2.0, but how it is implemented depends on the bank or credit card provider in question.