AI tells an EU merchant to accept SEPA direct debits without PSD2 Strong Customer Authentication (SCA), ignoring EBA guidelines
ID: banking/ecb-psd2-strong-auth
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| PSD2 directive 2015/2366 | active | — | — | — |
| EBA RTS v2.0 | active | — | — | — |
Root cause analysis
PSD2 mandates SCA (two-factor authentication) for all electronic payments, including SEPA direct debits, per EBA Regulatory Technical Standards (RTS); merchants failing to implement SCA face chargeback liability and regulatory fines.
Official documentation
https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money
Solutions
- Implement 3D Secure 2.0 with SCA: integrate with an ACS provider like Adyen or Stripe. Example API call:

  ```javascript
  stripe.paymentIntents.create({
    amount: 1000,
    currency: 'eur',
    payment_method_types: ['sepa_debit'],
    mandate_data: { type: 'single_use' },
    payment_method_options: {
      sepa_debit: { mandate_options: { reference: 'INV-001' } }
    }
  })
  ```
- Use the 'recurring transaction' exemption: register the mandate with SCA at the first payment, then use the 'merchant_initiated_transaction' flag for subsequent debits.
- Partner with a PSD2-compliant payment gateway (e.g., Klarna) that handles SCA and exemption logic automatically.
Ineffective attempts
Common but ineffective approaches:
- Disabling SCA for recurring payments under 30 EUR (90% failure): EBA RTS allows low-value exemptions only for individual transactions under 30 EUR; recurring debits still require SCA at initiation.
- Using 3D Secure v1.0 without dynamic linking (85% failure): PSD2 requires dynamic linking (transaction-specific codes); 3DS v1.0 is deprecated and rejected by acquirers.
- Storing card-on-file without re-authentication for subsequent payments (88% failure): PSD2 mandates re-authentication for each payment unless a variable recurring exemption applies.
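
The dynamic linking requirement named in the list above means the authentication code is bound to the amount and payee, so changing either one invalidates it. The sketch below is an added example, not code from this entry or from any payment provider's API; it models the binding with an HMAC, and the key, field names, sample IBAN and five-minute validity window are assumptions.

```javascript
// Added illustration: dynamic linking modelled as an HMAC over the transaction.
// Key handling, field names and the validity window are assumptions of this sketch.
const crypto = require('node:crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumed validity window for a code

// Canonical, unambiguous encoding of the fields the code is bound to.
function canonical(tx, issuedAt) {
  if (!Number.isInteger(tx.amountMinor) || tx.amountMinor <= 0) {
    throw new TypeError('amountMinor must be a positive integer (minor units)');
  }
  return JSON.stringify([tx.amountMinor, tx.currency, tx.payeeIban, tx.reference, issuedAt]);
}

// Issued only after the payer has completed two-factor authentication.
function issueAuthCode(key, tx, issuedAt = Date.now()) {
  const mac = crypto.createHmac('sha256', key).update(canonical(tx, issuedAt)).digest('hex');
  return { issuedAt, mac };
}

// Recompute over the transaction actually being submitted: a changed amount
// or payee produces a different MAC, so the earlier code no longer verifies.
function verifyAuthCode(key, tx, code, now = Date.now()) {
  if (now < code.issuedAt || now - code.issuedAt > CODE_TTL_MS) return false;
  let expected;
  try { expected = issueAuthCode(key, tx, code.issuedAt).mac; } catch { return false; }
  const a = Buffer.from(expected, 'hex');
  const b = Buffer.from(String(code.mac), 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample data (placeholder key and IBAN, not real values).
const demoKey = Buffer.from('constructed-demo-key-not-for-production');
const approved = { amountMinor: 1000, currency: 'eur', payeeIban: 'DE00EXAMPLE0000000000', reference: 'INV-001' };

function demo() {
  const t0 = 1_700_000_000_000; // fixed clock so the result is reproducible
  const code = issueAuthCode(demoKey, approved, t0);
  return {
    sameTx: verifyAuthCode(demoKey, approved, code, t0 + 1000),
    changedAmount: verifyAuthCode(demoKey, { ...approved, amountMinor: 100000 }, code, t0 + 1000),
    changedPayee: verifyAuthCode(demoKey, { ...approved, payeeIban: 'DE00OTHER00000000000' }, code, t0 + 1000),
    expired: verifyAuthCode(demoKey, approved, code, t0 + CODE_TTL_MS + 1),
  };
}

console.log(demo());
```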