As of September 14, secure authentication will be mandatory for all e-commerce in the EU. This is when the new European Payment Services Directive PSD2 comes into force. What are the implications for Swiss providers?
The PSD2 (Payment Services Directive 2) comes into force on 14 September 2019. Its scope for online trading will be comparable to that of the General Data Protection Regulation (GDPR). The reason for this is the requirement for secure customer authentication.
Strong Customer Authentication (SCA) means that two separate factors from each of two of three categories are required. These are:
Switzerland does not have to implement PSD2 in principle, as it is not a member of the EU. E-commerce companies selling to the EU, on the other hand, must (as is the case with the GDPR) comply with the relevant EU legislation.
It can also be assumed that (again, as in the case of the GDPR) Switzerland will voluntarily adapt its laws to those of the EU. This means that even those merchants that do not sell directly to the EU will sooner or later have to deal with two-factor authentication. The good news is that, as a rule, payment service providers (e.g. Paypal or Datatrans) will take care of two-factor authentication. The e-commerce provider, in turn, has to ensure that the payment provider he chooses is one that offers 2FA and that it is integrated as smoothly as possible into his existing payment procedure.
With Ergon's Identity and Access Management Suite (Airlock IAM), aspectra offers a variety of two-factor authentication options.
SCA FAQ: Your essential questions about new PSD2 rules answered (Siliconrepublic)