From now on, your account is even more secure with the Strong Authentication System.
This concept, which derives from the Payment Services Directive (PSD2), introduces an additional security step in online financial operations. In other words, the information printed on the card (card number, validity date, CVV/CVC) are not considered valid elements for the purposes of strong authentication.
Strong authentication has already been implemented by MB and MB WAY systems since September 2019. However, regarding online card payments, and due to the complexity of the underlying systems, the European Banking Authority (EBA) established that banks/payment service providers must implement strong authentication before 31 December 2020.
PSD 2 is a European directive that establishes a series of new authentication provisions, offering customers greater security. This means that the authentication procedure must be carried out by using two or more elements that, at least, belong to two of the following categories:
PASSWORD OR PIN
TELEPHONE OR PHYSICAL TOKEN
Touch and Face ID
Some transactions do not necessarily require explicit authentication of the payer. In some cases, they can be authorized without prior authentication or pass through a frictionless flow, which means that the client does not need to be authenticated with the issuer.
Please note that the customer's bank may substitute the exemption request.
PayPay makes the following payment methods available to merchants:
|Payment method||Authentication method||Requires additional actions|
|MULTIBANCO||Depending on the bank (homebanking)||No|
|MB WAY||MB WAY application (PIN, fingerprint, etc.)||No|
|Credit/Debit card||3D Secure 2.0||Prior submission of additional data is recommended|
3D Secure 2 (3DS2) is the technology adopted by banks and payment service providers to comply with Strong Authentication in online card payments.
3DS 2.0 eliminates the redirection of the customer to bank page. This means that the payment processor gathers the information about the transaction and sends it to the bank, guaranteeing a smoother integration, always with greater security.
PayPay will be in charge of collecting the necessary data to initiate the payment, in case it is not sent. Therefore, you will not have to do anything.
In case you use any of the PayPay e-commerce plugins, you will also be provided with an update to support 3DS Secure 2.
In order to comply with the PSD2 Directive, PayPay will collect and send the following information:
|Designation||Required||Responsible for sending|
|Cardholder name||Cardholder (via PayPay site)|
|Billing Address||Cardholder (via PayPay site) / Merchant (via Integration/API)|
|Consumer e-mail||Cardholder (via PayPay site) / Merchant (via Integration/API)|
|Shipping address||Merchant (via Integration/API)|
Browser information (language, time zone, window size, etc.)
|Automatically collected by PayPay|