3D Secure v2: is it a systematic obligation in the purchasing process?

There is an obligation to systematically implement 3D Secure v2, but with possible exemptions.

As part of the regulatory obligations of the Payment Services Directive 2 (PSD2), which comes into force on 14 September 2019, 3D Secure v2 authentication will have to be implemented by all e-commerce websites that accept credit card payments online (via Internet or mobile applications).

However, some payments may be exempted and be made without strong authentication of the cardholder, if they meet the criteria defined by the DSP2 (e.g.: small amount, trusted beneficiary, etc.).

The operational implementation of these exemption cases will not be immediately available from 14/09/2019; it will be implemented gradually in the following months.

In case of online payment the card issuer may refuse the absence of 3D Secure v2 authentication, unlike the current version of 3D Secure v1. The issuer will request cardholder authentication if an unusual situation (payment using a new device, payment from a foreign country, etc.) is detected.