PSD2 is also often referred to as SCA (Strong Customer Authentication).
What is a compliant card payment?
A PSD2/SCA compliant card payment is one that you, as the card holder, have authorised. Whilst making an online payment, you are required to complete the payment by authorising it via your banking app.
Currently, PSD2 requires that a secure online payment involve at least two of the following three things: something you know, something you own, and something you are. This is SCA (Strong Customer Authentication).
Something you know: A PIN, password, etc.
Something you own: A mobile phone, smart card, etc.
Something you are: Fingerprint, face recognition, etc.
By forcing authentication, your bank can make sure that it is you making the purchase, and not someone who has stolen your card, phone, or both, as those two things would only cover one of the three requirements: something you own.
PSD2/SCA can be tricky!
This is because it’s not always requested or required! Have you ever had the contactless function of your card not work, so that you needed to insert your card in the reader? It can happen after several contactless payments, or sometimes on your very first payment of the day.
If you have experienced this, you will know how temperamental PSD2/SCA can be. Inserting the physical card into the reader and entering your PIN is the real-world equivalent of authorising an online payment through your banking app.
Usually PSD2 authentication is not required on small “low risk” purchases. However, PSD2/SCA is forced either after a certain number of transactions have been made within a certain period of time, or if your transactions exceed a certain amount.
So, you will not always need to authorise an online payment from your banking app, but often will, as limits vary. For example: you might make several 20€ payments without having to authenticate, and then have to authenticate your next small purchase on the same day.
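The two rules described above (factors must come from two different categories, and small payments are exempt until a count or running total is reached) can be sketched as follows. This is an added example, not code from any bank or from the page; the factor names, the three limits and the reset after a successful authentication are assumptions, since the page only says that limits vary.

```python
from dataclasses import dataclass

# Factor categories named on this page; the concrete factor names are illustrative.
CATEGORY = {
    "pin": "knowledge", "password": "knowledge",
    "phone": "possession", "card": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

def is_strong(factors):
    """True when the presented factors span at least two distinct categories."""
    return len({CATEGORY[f] for f in factors}) >= 2

@dataclass
class ExemptionTracker:
    """Counts payments let through without SCA since the last authentication.
    All three limits are assumed values, not taken from the page."""
    low_value_limit: float = 30.0   # assumed per-payment "low risk" ceiling
    max_count: int = 5              # assumed number of unauthenticated payments
    max_total: float = 100.0        # assumed cumulative unauthenticated amount
    count: int = 0
    total: float = 0.0

    def needs_sca(self, amount):
        if amount > self.low_value_limit:
            return True
        return (self.count + 1 > self.max_count
                or self.total + amount > self.max_total)

    def process(self, amount, factors=()):
        """Return 'exempt', 'authenticated' or 'declined' for one payment."""
        if not self.needs_sca(amount):
            self.count += 1
            self.total += amount
            return "exempt"
        if not is_strong(factors):
            return "declined"   # counters stay as they are, so the next payment is challenged too
        self.count, self.total = 0, 0.0   # assumption: successful SCA resets both counters
        return "authenticated"

def simulate(amounts, factors):
    """Run a constructed sequence of payments, offering the same factors each time."""
    tracker = ExemptionTracker()
    return [tracker.process(a, factors) for a in amounts]
```

With these assumed limits, a run of 20€ payments goes through unchallenged five times and the sixth is challenged; a stolen card and phone together fail that challenge because both are "something you own".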