eventbrite header logo mark

Help Centre

Help Centre

Payment Services Directive II (PSD2) and Strong Customer Authentication (SCA) with 3DS2.0

PSD2 sets new requirements for payment transactions in Europe (effective 14 September 2019). To support, payment transactions on Eventbrite where both the issuing bank and acquirer bank are located in the European Economic Area (EEA) are subject to SCA with 3DS2.0. Purchasers have to complete the authentication requirement for the issuing bank to purchase tickets.

In this article

  • Information for event organizers

  • Information for event attendees

Information for event organizers

1. General information.

  • PSD2 — Payment Services Directive II is a legal act of the European Union that sets new requirements for securing online payments. Under it, additional authentication is required and banks should decline transactions that don’t meet the SCA criteria. Learn more about PSD2 .

  • SCA — Strong Customer Authentication is the new regulatory requirement of building additional authentication into the purchase flow. Including at least 2 of the following constitutes strong customer authentication: something the purchase KNOWS, something the customer HAS, and something the customer IS (e.g., a PIN is something a purchaser knows and a phone is something a purchaser has).

  • 3DS / 3DS1.0 / 3DS Standard — 3D Secure provides added security to reduce the likelihood of unauthorized transactions. You might also know it under branded names like, “Secure,” “SafeKey,” and “Identity Check” for card providers like Visa, American Express, and MasterCard.

  • 3DS2.0 — 3D Secure 2.0 introduces new data requirements to 3DS that reduce friction, optimize for mobile, and tailor authentication methods to the purchaser (based on the issuing bank). 3DS2.0 further secures online payments to reduce the likelihood of unauthorized transactions.

2. Effective date.

PSD2 is effective 14 September 2019.

NOTE: The deadline for PSD2 is extended for some countries, like the U.K. For those countries, the effective date may differ.

3. Impact on ticket sales.

Purchases where the cardholder’s issuing bank and acquirer bank are located in the EEA (minus countries with delays) are subject to SCA with 3DS2.0. Purchasers have to complete the authentication requirement for the issuing bank to purchase tickets. The authentication process is determined by the issuing bank and not Eventbrite.

NOTE: SCA with 3DS2.0 also applies to typical organizer actions like paying an invoice or using a credit or debit card to issue refunds to attendees.

4. Turn off authentication.

PSD2 sets new requirements for payment transactions in Europe (effective 14 September 2019). Purchasers have to complete the authentication requirement for the issuing bank to purchase tickets. Payment transactions totaling less than €30 (or the equivalent in your currency) may not be subject to 3DS2.0 authentication. This is determined by the cardholder’s issuing bank and not Eventbrite.

Information for event attendees

1. General information.

  • PSD2 — Payment Services Directive II is a legal act of the European Union that sets new requirements for securing online payments. Under it, additional authentication is required and banks should decline transactions that don’t meet the SCA criteria. Learn more about PSD2 .

  • SCA — Strong Customer Authentication is the new regulatory requirement of building additional authentication into the purchase flow. Including at least 2 of the following constitutes strong customer authentication: something the purchase KNOWS, something the customer HAS, and something the customer IS (e.g., a PIN is something a purchaser knows and a phone is something a purchaser has).

  • 3DS / 3DS1.0 / 3DS — Standard — 3D Secure provides added security to reduce the likelihood of unauthorized transactions. You might also know it under branded names like, “Secure,” “SafeKey,” and “Identity Check” for card providers like Visa, American Express, and MasterCard.

  • 3DS2.0 — 3D Secure 2.0 introduces new data requirements to 3DS that reduce friction, optimize for mobile, and tailor authentication methods to the purchaser (based on the issuing bank). 3DS2.0 further secures online payments to reduce the likelihood of unauthorized transactions.

2. Effective date.

PSD2 is effective 14 September 2019.

NOTE: The deadline for PSD2 is extended for some countries, like the U.K. For those countries, the effective date may differ.

3. Impact on registration.

Purchases where your issuing bank and the acquirer bank are located in the EEA (minus countries with delays) are subject to SCA with 3DS2.0. You have to complete the authentication requirement for the issuing bank to purchase tickets. The authentication process is determined by the issuing bank and not Eventbrite.

4. Turn off authentication.

PSD2 sets new requirements for payment transactions in Europe (effective 14 September 2019). You have to complete the authentication requirement for the issuing bank to purchase tickets. Payment transactions totaling less than €30 (or the equivalent in your currency) may not be subject to 3DS2.0 authentication. This is determined by your issuing bank and not Eventbrite.

Still have questions?