Secure payment: what are the regulations for marketplaces in Europe?

29 April 2021

Business Insight

Faced with the fear of hackers and credit card hacking, marketplace buyers need to be reassured with a secure payment solution. A necessity that has been taken into account by regulations, imposing a series of rules to marketplaces to be respected. Find out how to offer a secure payment experience to your end customers, while respecting the various texts in force.

Marketplaces: a highly regulated ecosystem

While transactions on an e-commerce site are relatively simple, since they only involve buyers and sellers, they become more complicated in a marketplace where three distinct actors are involved: buyer, seller, and marketplace operator. As an intermediary, the marketplace guarantees the smooth running of transactions on its platform. It is its responsibility to offer a secure payment solution.

The European Payment Services Directive (PSD2), which came into force in January 2018, aims to enhance online payment security. This regulation directly impacts marketplaces since collecting money before transferring it to a third party is similar to the provision of payment services. This activity falls under the scope of the PSD2.


The rise of 3D-Secure-v2

In addition to various measures designed to strengthen consumer rights, the DSP2 involves the ramp-up of strong authentication for online payments over 30 euros. Thus, the 3D-Secure-v2 process aims to standardize and enhance the control of the payment system and reduce the risks of fraud. Instead of requiring a single password at the time of payment, 3DSV2 involves a combination of at least two authentication factors:


    • Something you know, like a secret code or a password.
    • Something you have, like a smartphone or a connected device.
    • Something you are, like a fingerprint, facial or voice recognition


Initially planned for September 2019, the deployment of 3DS V2 was finally pushed back to mid-2021 to give banks time to prepare. On the side of the marketplace, the easiest way to offer 3D-Secure or 3DSV2 on its platform is still to use a payment service provider, a PSP.


How the PSP takes care of offering a secure payment

To comply with European legislation, marketplaces can choose between three options:

  • Obtain accreditation from the ACPR, the Autorité de Contrôle Prudentiel de Résolution, to become a payment institution themselves
  • Trying to get an exemption from licensing
  • Outsource the provision of payment services to a PSP, which is itself a CRPA-accredited PSP.

This last option is chosen by most platforms, which have neither the time nor the means to acquire sufficient technical and regulatory skills to become payment institutions themselves. A true partner in the growth of a marketplace, the payment service provider is in charge of offering secure payment methods and 3D-Secure. It is the payment service provider that becomes responsible for complying with regulations and protecting buyers and sellers. By delegating the management of payments to an expert, marketplaces are assured of offering their users secure payment solutions that comply with regulations.

As a passported payment institution in 30 countries, Lemonway has made regulation and security its spearhead, so that marketplaces need only focus on growth. A project? Any questions? Tell us about your needs!


3D-Secure v2 - what are the impacts for your marketplace?