Our latest insights

Will a PSD2 come to the US?

Share this post

Does PSD2 Matter for US Businesses Today?

The answer to this question is a definite yes. Although PSD2 is only enforced in the European Economic Area (EEA), it mandates Strong Customer Authentication to all payment service providers (PSPs) doing business in the EEA. So, if you’ve got a US-based business, you’ll be affected (at minimum) in the following ways:


  • US business with entities in the EU/EEA:  US businesses active in the EEA through a subsidiary must be PSD2 compliant and Strong Customer Authentication (SCA) enabled.
  • US-based merchants accepting payments from EEA-based customers: US-based merchants with EEA-based customers should implement 3D Secure 2 because PSD2 legislation requires it as the standard authentication method for card-based online transactions taking place in the EU region. Note: Visa announced that it will discontinue 3D Secure 1 from October 2022.


The important thing to remember is that PSD2 grants chargeback rights to EU-based payees, at least as long as they’re using an EU-based issuer. According to the EBA, if the EU-based issuer cannot technically impose the use of SCA, “the issuer shall make its own assessment whether to block the payment or be subject to the liability requirements under Article 73 vis-a-vis the payer in the event that the payment has been unauthorised”.

Unlike US-based merchants, US-based issuers have it a bit simpler; they’re not under the jurisdiction of the EU and therefore under no obligation to require SCA or offer chargebacks under the PSD2.

How is Banking Regulated in the US Anyway?

Here in Europe, we’ve gotten used to cross-country banking regulations that each country must implement. There are still many national differences, such as access to digital identities and electronic invoicing. Still, in general, banking regulation has been harmonised across the European Economic Area, first through the PSD1 in 2007, then the PSD2.

There isn’t really any existing equivalent to the PSD2 or the European Banking Authority (EBA) in the US, as authority and regulation exist and overlap on two levels: state and federal. For example, there are some state-wide regulations, such as the California Consumer Privacy Act (which looks a bit like the GDPR), but no federal regulation that requires consumer privacy to the same extent. Similarly, banks can either be chartered on a federal level or through the state level, where each state can have its licensing regulation. Also, much of what Europe regulates through the EBA is – in the United States – left to big companies like EMVco (for card-based payments).

The Impact of Politics and Philosophy

Read the full article over at okaythis.com. 

Article by Okay AS

More To Explore