Strong Customer Authentication & Your Corporate Card

What changes will the EU’s directive PSD2 entail?

With the revised Payment Service Directive PSD2, which the member states have transposed into national law, the EU legislator intends to accommodate the increasing digitization of payment transactions in Europe by enhancing consumer protection, promoting the introduction of technical innovations, and increasing legal certainty.


Strong Customer Authentication (SCA)

One of the main elements of the PSD2 is the obligation to apply Strong Customer Authentication (SCA), which stipulates the use of two independent elements when accessing accounts, making electronic payments, or involving third-party service providers.

This means that all online and card payments must be confirmed by independent elements in two of the three categories: knowledge (e.g., password or PIN), possession (e.g., smartphone), and inherence (biometric identification, e.g., via a fingerprint). Referred to as two-factor authentication, or 2FA, the procedure enables card-issuing institutions (issuers) to verify a payer’s identity before authorizing a transaction.

The SCA requirements are detailed in the Commission Delegated Directive 2018/389 (SCA RTS).


General scope of the PSD2

Basically, the PSD2 applies to all payment services rendered in the EU by service providers residing in the EU. One Leg Out transactions, which involve acquirers or issuers residing outside the EU, are exempt from the PSD2.


Exemptions for corporate payment

To ensure reasonable application of SCA and prevent complications in B2B payment transactions, the RTS exempts some corporate payment products from the obligation to apply two-factor authentication under certain specified circumstances.


Security rules

In contrast to our purely digital payment products, we will adjust the terms for payment transactions made with AirPlus Corporate Cards to the PSD2 step by step. We distinguish between credit card payments made on site, online purchases, and mail orders and telephone orders (MOTO):


On-site payment:

The current authentication standard for on-site payments is the presentation of your credit card and the entry of your PIN.
For you this means: Nothing will change for the time being. We will notify you in good time about any adjustments.


Online payment:

When making online payments, the majority of our customers use 3D Secure, a procedure that requires the provision of a dynamic password via an SMS or a personal password defined by the customer.

As 3D Secure will become mandatory for all online payments, we ask those customers who have not registered for 3D Secure yet to save their mobile phone numbers here.
For all other matters this means: Nothing will change for the time being.


In addition to 3D Secure, we are working to develop a user-friendly biometric solution which we will make available to you. We will inform you about the details in good time.


MOTO payment:

As orders placed by mail or via telephone are not considered digital payment processes, they do not fall under the scope of the PSD2.
For you this means: Nothing will change.