Our latest insights

Will a PSD2 come to the US?

Share this post

Share on facebook
Share on linkedin
Share on twitter
Share on email
Okay AS
Will a PSD2 come to the US?

Does PSD2 Matter for US Businesses Today?

The answer to this question is a definite yes. Although PSD2 is only enforced in the European Economic Area (EEA), it mandates Strong Customer Authentication to all payment service providers (PSPs) doing business in the EEA. So, if you’ve got a US-based business, you’ll be affected (at minimum) in the following ways:


  • US business with entities in the EU/EEA:  US businesses active in the EEA through a subsidiary must be PSD2 compliant and Strong Customer Authentication (SCA) enabled.
  • US-based merchants accepting payments from EEA-based customers: US-based merchants with EEA-based customers should implement 3D Secure 2 because PSD2 legislation requires it as the standard authentication method for card-based online transactions taking place in the EU region. Note: Visa announced that it will discontinue 3D Secure 1 from October 2022.


The important thing to remember is that PSD2 grants chargeback rights to EU-based payees, at least as long as they’re using an EU-based issuer. According to the EBA, if the EU-based issuer cannot technically impose the use of SCA, “the issuer shall make its own assessment whether to block the payment or be subject to the liability requirements under Article 73 vis-a-vis the payer in the event that the payment has been unauthorised”.

Unlike US-based merchants, US-based issuers have it a bit simpler; they’re not under the jurisdiction of the EU and therefore under no obligation to require SCA or offer chargebacks under the PSD2.

How is Banking Regulated in the US Anyway?

Here in Europe, we’ve gotten used to cross-country banking regulations that each country must implement. There are still many national differences, such as access to digital identities and electronic invoicing. Still, in general, banking regulation has been harmonised across the European Economic Area, first through the PSD1 in 2007, then the PSD2.

There isn’t really any existing equivalent to the PSD2 or the European Banking Authority (EBA) in the US, as authority and regulation exist and overlap on two levels: state and federal. For example, there are some state-wide regulations, such as the California Consumer Privacy Act (which looks a bit like the GDPR), but no federal regulation that requires consumer privacy to the same extent. Similarly, banks can either be chartered on a federal level or through the state level, where each state can have its licensing regulation. Also, much of what Europe regulates through the EBA is – in the United States – left to big companies like EMVco (for card-based payments).

The Impact of Politics and Philosophy

Read the full article over at okaythis.com. 

More To Explore

Login or Register

Don't have an account?

Are you part of the Payments Association community?

Not yet set up your login for the Payments Association Community Platform? Set it up now

Set up a free account for instant access to our content

You don’t need to be an Payments Association member to view the majority of our content. Simply enter your details below once to set up your login details and get access to our library of whitepapers, podcasts, consultation papers, webinars and more.

First Name*
Last Name*
Company Name*
Job Title*
Business Email Address*
Confirm Password*
The Payments Association exist to help drive the industry forward. As such the Payments Association may contact you about any future content or events that we think you may have a legitimate interest in. We will store your information securely and will never share your details with third parties other than the relevant resource(s) sponsor(s)/curator(s). You may opt out at any time. By clicking register you are agreeing to the terms of our Privacy Policy.

← back