So what actually happened?
In short… not very much! We’d done plenty of testing and preparation and were up until 2am in the UK to see the new PSD2 regulations take effect on our subscription renewals, which all went off without a hitch!
Since the new authentication regulations under PSD2 have been enforced, we’ve seen some change in the proportion of payments requiring Strong Customer Authentication (SCA). Currently, we’re seeing a 10% increase in payments by end-users in the EU requiring either 3DS1 or 3DS2. However, given over 80% of payments in the EU used 3D-Secure version 1 (3DS1) or version 2 (3DS2) already, this is no big change for buyers.
“We’re seeing a 10% increase in payments by end-users in the EU requiring either 3DS1 or 3DS2”
Before September 14, it had been reported that many banks would not be ready for 3DS2 in time, and this is exactly what we’re seeing. Support and usage of 3DS2 by issuing banks is extremely low, with just 1% of 3DS authentications currently taking advantage of 3DS2 - the rest using 3DS1.
Of the 3DS2 authentications we’re seeing, around 60% of them are frictionless, giving the end user a seamless experience. The 3DS2 frictionless flow is much less intrusive than its 3DS1 counterpart, which still loads the bank’s website and often requires an interaction. The other 40% of 3DS2 authentications require the end user to complete a “challenge”, usually in the form of a code sent by SMS, or a push notification from the bank’s app.
“Support and usage of 3DS2 by issuing banks is extremely low, with just 1% of 3DS authentications currently taking advantage of 3DS2 - the rest using 3DS1”
How have recurring payments been affected?
Unsurprisingly (given the limited change in behaviour towards authentication), banks are not requiring Strong Customer Authentication for recurring payments where the subscription started before September 14. Whether this is because they have not changed their logic, or because they are honoring grandfathering is yet to be seen.
What happens next?
At Paddle, we’re optimising our 3DS flows further. Given the limited uptake of 3DS2, we’ve improved our 3DS1 flow by showing the issuing bank’s website within our checkout, rather than in a popup window. We’re also working on improving our dunning emails when authentication is required for recurring payments, just in case banks start getting more strict with these.
We’ll be monitoring the trends in this area in the coming months and working closely with our payment partners in order to give end users the best checkout payment and authentication experience possible.