Enforcement of the EU Payment Services Directive (PSD2) is gaining momentum across the European Economic Area (EU states plus Iceland, Norway and Liechtenstein) to implement Strong Customer Authentication (SCA) for card-not-present transactions via credit card payment operators. This was legislated as of 14th September 2019, and was extended to allow time for implementation. PSD2 affects FinTech companies that offer payment initiation services or account information aggregation services, along with online merchants. PSD2 applies to all transactions or transaction elements that occur in the European Economic Area.
Credit card payment operators are looking to implement the PSD2 measures worldwide to simplify their transaction processes and lower costs.
SCA uses MFA methods, such as an app on your phone asking you to authorise a transaction, to lower the number of disputed card transactions.
PSD2 is expected to increase transaction security and thereby reduce fraud, provided that the APIs that implement SCA are securely and uniformly implemented. API attacks are quicker to perform, enlarging the attack surface for card-not-present payments.
Agilient consultants are well versed in providing strategic consultancy on adopting MFA and secure, conformant APIs. Please contact us today to see how we can assist your organisation.
Author: David Steele, Agilient Consultant