Will a PSD2 come to the US?

Does PSD2 Matter for US Businesses Today?

The answer to this question is a definite yes. Although PSD2 is only enforced in the European Economic Area (EEA), it mandates Strong Customer Authentication for all payment service providers (PSPs) doing business in the EEA. So, if you’ve got a US-based business, you’ll be affected (at minimum) in the following ways:


  • US businesses with entities in the EU/EEA: US businesses active in the EEA through a subsidiary must be PSD2 compliant and Strong Customer Authentication (SCA) enabled.
  • US-based merchants accepting payments from EEA-based customers: US-based merchants with EEA-based customers should implement 3D Secure 2 because PSD2 legislation requires it as the standard authentication method for card-based online transactions taking place in the EU region. Note: Visa announced that it will discontinue 3D Secure 1 from October 2022.


The important thing to remember is that PSD2 grants chargeback rights to EU-based payees, at least as long as they’re using an EU-based issuer. According to the EBA, if the EU-based issuer cannot technically impose the use of SCA, “the issuer shall make its own assessment whether to block the payment or be subject to the liability requirements under Article 73 vis-a-vis the payer in the event that the payment has been unauthorised”.

Unlike US-based merchants, US-based issuers have it a bit simpler; they’re not under the jurisdiction of the EU and therefore under no obligation to require SCA or offer chargebacks under the PSD2.

How is Banking Regulated in the US Anyway?

Here in Europe, we’ve gotten used to cross-country banking regulations that each country must implement. There are still many national differences, such as access to digital identities and electronic invoicing. Still, in general, banking regulation has been harmonised across the European Economic Area, first through the PSD1 in 2007, then the PSD2.

There isn’t really any existing equivalent to the PSD2 or the European Banking Authority (EBA) in the US, as authority and regulation exist and overlap on two levels: state and federal. For example, there are some state-wide regulations, such as the California Consumer Privacy Act (which looks a bit like the GDPR), but no federal regulation that requires consumer privacy to the same extent. Similarly, banks can be chartered either at the federal level or at the state level, where each state can have its own licensing regulation. Also, much of what Europe regulates through the EBA is, in the United States, left to big companies like EMVCo (for card-based payments).

The Impact of Politics and Philosophy

Read the full article over at okaythis.com. 

Article by Okay AS
