Log in
Start free trial

Understanding PSD2 and 3D Secure Checkout

This page outlines the Revised Payment Service Directive (PSD2), implemented on September 14, 2019, to improve electronic payment security in the European Economic Area (EEA) and the United Kingdom (UK). It also highlights the role of 3D Secure checkout in ensuring compliance and shifting liability for fraudulent chargebacks from merchants to card issuers.

On this page

Overview of PSD2

On September 14, 2019, the Revised Payment Service Directive, also known as PSD2, was introduced in all countries in the European Economic Area (EEA) and the United Kingdom. There is an expected 18-month transition period for online stores in the affected countries to become compliant with PSD2.

PSD2 introduces new, strict security requirements for electronic payments to reduce the risk of fraud. You will be PSD2 compliant if you use Shopify Payments through our integrated 3D Secure checkout.

Explanation of 3D Secure Checkout

3D Secure is an additional security layer for online credit and debit card transactions. It adds an authentication step for online payments by redirecting the user to the card issuer’s domain, then back to the online store's domain to complete payment. Online stores in countries under the PSD2 directive require 3D Secure checkout integrations in order to be compliant with the PSD2 directive.

Payments that are successfully authenticated by 3D secure are protected by a liability shift. When a payment is authenticated with 3D secure, the liability for fraudulent chargebacks or disputes is shifted from merchants to card issuers. This liability shift results in merchants no longer being liable for the costs of a chargeback or dispute. However, card issuers have policies that remove liability shift protection if too many chargebacks occur. For example, Visa's policy is that merchants who receive more than $7,500 USD in fraudulent chargebacks in one month are no longer able to shift liability to the card issuer.

If you're using Shopify Payments or Stripe as a payment gateway, then you're automatically using a 3D Secure checkout flow. Shopify Payments is optimized to minimize the use of 3D Secure, and only uses 3D Secure when required by the issuing bank in order for a transaction to be authorized successfully.

If you're using a third-party gateway and require 3D Secure, then you can use Cardinal as a 3D Secure provider.

Can’t find the answers you’re looking for? We’re here to help.