
Comment by sgjohnson

3 years ago

I personally can't stand PSD2[0]. It has completely ruined the online shopping experience in the EU (for me at least).

I loved the way American Express implemented it. They sent you a one-time passcode on your first purchase with the merchant, and then you could also choose for them to not bother you with any further purchases from the same merchant. I had this enabled by default, it made the experience a million times more enjoyable.

Unfortunately not everyone took AmEx, and I no longer live in the UK (or a country where AmEx has a presence, for that matter), and the way banks in my current country of residence have implemented it is absolutely abysmal.

1. The billing address must be a match 100% of the time, which is painful in situations where you can't specify separate billing and shipping addresses and you want the item shipped to a different address (could be 3 for me)

2. Mandatory 2FA on every transaction. It depends on the exact implementation, but typically you must wait for a notification on your phone, and then type in a PIN. In some implementations you have to scan a QR code, and then type in said PIN. Sometimes the solution they use for this is down.

3. If anything is wrong at all (billing address/mistyped CVV/whatever), the transaction just gets refused at the end of this loop. Was it something you did wrong? Is some system down? Let's try again.

And sometimes this even messes up recurring subscriptions. My Microsoft 365 Business sub that's billed monthly on a credit card GETS REJECTED EVERY TIME UNTIL I MANUALLY GO THROUGH THIS STUPID PROCESS.

It has made paying for things online a chore. I couldn't care one bit about all the fraud this presents, because I was never liable for it in the first place. That decision was previously up to the merchants (who could have implemented all of this if they wanted to). Now it's forced on everyone.

[0] https://www.bbva.com/en/everything-need-know-psd2/

Two-factor authentication is my least favorite thing about PSD2. Back in the day I would simply memorize my credit card data, and was free to buy anything online, anytime. It also gave me confidence during vacations abroad that if I got mugged on the street I would still have access to my money. Now I need to keep my phone close for SMS codes / mobile app authorization, and I need to keep a backup phone just in case my primary phone breaks/gets lost/is stolen.

tbf that's more an issue with incompetent software devs and, more importantly (lest someone accuse me of shifting the blame onto devs like a clown would), horrible business product owners. My hope is that Biden's executive order on SBOMs, and whatever thing like it which the EU probably has in the works, will (unfortunately only slowly) shift the way in which the way business treats software development affects software development culture. (SBOMs may sound completely tangential to this, but in the long run they have a pretty important role to play here.)