Is FreshBooks PSD2 compliant?

PSD2 stands for Payment Services Directive 2, and is a new EU regulation on authenticating online payments. FreshBooks is PSD2 compliant as of September 14, 2019, which is when PSD2 went into effect. This affects all European business owners who bill clients based in Europe only. In addition to PSD2, the UK has implemented the Open Banking Standard for users in the UK who use third-party apps to connect to their bank accounts.
 

Strong Customer Authentication (SCA) - Payments

A key part of PSD2 requires Strong Customer Authentication (SCA) in order to reduce fraud and make online payments more secure. SCA is applied to transactions where both the business and the cardholder’s banks are located in the European Economic Area (EEA).
The most common way of authenticating an online card payment relies on 3D Secure - a standard used by most European cards. 3D Secure adds an extra step after checkout where your client (the cardholder) is prompted by their bank to provide additional information to complete a payment. This includes methods like a one-time code sent to their phone, or a fingerprint authentication through their mobile banking app.
Some payments may require SCA, based on the value of the payment and the bank’s overall fraud rates.
 
SCA will not be applied to transactions where:
  • The business owner or the client does not reside in the EU
  • The business owner enters credit card information on an invoice or recurring template with the Advanced Payments add-on

SCA Exceptions:
  • Low risk transactions - used for transactions with a maximum value of €500
  • Low value transactions - any transaction below €30 will not require SCA. A limit of 5 consecutive transactions, or a cumulative limit of €100, is in place; once reached, SCA is required again
  • Allowlisting - after the first SCA verified purchase, the client can allowlist the business owner so that subsequent purchases do not require SCA
  • Corporate payments - Corporate cards that are not in the cardholder’s name and virtual credit cards are exempt from SCA
As an EU-based business owner, no further action is required. Your clients located in the EU may have to complete SCA before their payment is successful. As a client, the steps to pay an invoice can be found here.
 

Open Banking Standard - Bank Connections

The Open Banking Standard is the UK version of PSD2 in which banks must open their data to third parties. The difference is that Open Banking demands slightly more of its member banks, such as ensuring data is securely shared or openly published to allow third-party apps like Plaid and FreshBooks to access users’ data through their bank accounts. Review more details about the Open Banking Standard here.
As a business owner, if you’re based in the UK, your bank connections will be set up through Plaid, which is compliant with the Open Banking Standard. Follow the steps to set up bank connections through Plaid here.