The New Payment Services Directive
The new Payment Services Directive, PSD2 (Payment Services Directive 2), took effect in January 2018, but the strong authentication requirement for online shopping took effect only on 31.12.2020. For users, this now shows up as online payments that are slightly more complex but safer.
Objective of the Payment Services Directive
The directive's objective is to improve the security of card payments. The paying customer must be identified more reliably so that it is harder for outsiders to misuse the card.
What Does Strong Authentication Mean?
Strong authentication means verifying identity electronically. This is needed for remote purchases where the buyer is not physically present at the point of payment.
Strong authentication typically relies on two of the following factors:
- Something the person knows, such as a PIN.
- Something the person has, such as a phone or a code list.
- Something inherent to the person, such as a fingerprint.
The Strong Authentication Requirement in E-Commerce
The strong authentication requirement in e-commerce took effect only at the turn of the year after a transition period. It is no longer enough for the user to have just the bank's code list or a card number. The requirement in online stores applies to payments with both debit and credit cards.
The bank may allow purchases under €30 without strong authentication. However, the bank controls this, so even for small transactions, the buyer may encounter a strong authentication prompt. Typically, strong authentication is required after several small payments, as with contactless payments.
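The two rules described above (two factors from different categories, and the bank-controlled exemption for purchases under €30) can be sketched as issuer-side decision logic. This is an added example, not code from any bank or from the directive; the factor names, the `Card` and `authorize` names, and the limit of five exempt payments in a row are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "something the person knows"
    POSSESSION = "something the person has"
    INHERENCE = "something inherent to the person"


# Constructed mapping of verified elements to the three factor categories.
FACTOR_CATEGORY = {
    "pin": Category.KNOWLEDGE,
    "password": Category.KNOWLEDGE,
    "phone_otp": Category.POSSESSION,
    "code_list": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
}

LOW_VALUE_LIMIT_EUR = 30   # from the text: purchases under EUR 30 may be exempt
MAX_EXEMPT_IN_A_ROW = 5    # assumption: the bank decides what "several" means


def is_strong(verified):
    """True if the verified elements span at least two different categories."""
    # Unknown elements (for example a card number) are not factors and are ignored.
    categories = {FACTOR_CATEGORY[f] for f in verified if f in FACTOR_CATEGORY}
    return len(categories) >= 2


@dataclass
class Card:
    exempt_in_a_row: int = 0   # small payments since the last strong authentication


def authorize(card, amount_eur, verified=()):
    """Return 'approved', or 'challenge' when strong authentication is still needed."""
    if is_strong(verified):
        card.exempt_in_a_row = 0          # a strong authentication resets the counter
        return "approved"
    small = amount_eur < LOW_VALUE_LIMIT_EUR
    if small and card.exempt_in_a_row < MAX_EXEMPT_IN_A_ROW:
        card.exempt_in_a_row += 1         # exemption used, count it
        return "approved"
    return "challenge"
```

A password plus a PIN does not pass `is_strong`, because both belong to the knowledge category; the two elements must come from different categories.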
Examples of Bank Implementations
Bank Norwegian Visa Card
Strong authentication with the Bank Norwegian Visa Card was designed to be user-friendly. The user sets a password for authentication in the bank's app and must know it during authentication. In addition, a one-time PIN is sent to the phone. This confirms the phone is in the payer's possession and that they know the password.
Bank Norwegian Visa Card has no annual fee.
Curve Pay
With Curve cards, strong authentication is also smooth. During checkout, the user is asked to open the Curve app with a fingerprint or a PIN. The user can then decline or approve the transaction in the app. This confirms the phone is in the user's possession and that they know the PIN.
Curve Pay offers fee-free currency conversions.
Nordea Payment Cards
With Nordea payment cards, strong authentication is a bit more cumbersome. At the authentication step, the user must know their online banking username. Then they must open the Tunnusluku app on the phone and enter its PIN. This confirms the phone is in the user's possession and that they know the PIN.
Bottom Line
The strong authentication requirement for online purchases does not make card use much more difficult, but it significantly improves the security of card payments. It is smart to review your card issuer's instructions in advance on how to authenticate online with your card. Typically, you must prove you have your phone and know your PIN.