Can your vending machine verify the buyer’s identity? Effects of PSD2 on self-service payment

Self-service payment has been a growing trend that allows merchants to improve the customer experience. The benefits of self-service payment include reducing queuing time and making products or services more accessible to consumers.

For self-service payment transactions to be executed securely and smoothly, the self-service point must have a payment terminal that meets the requirements of the PSD2 directive. In this blog post, we’ll cover the basics of the directive that a merchant should be familiar with before acquiring a payment terminal.

What is PSD2?

Payment Services Directive Two (PSD2), is a set of EU regulations related to payments, that entered into force in autumn 2019. The regulations were made to increase competition in payment services, increase the security of payments and improve consumer protection. The regulation applies to all electronic payments and payment account orders that involve a risk of abuse.

In practice, it forces payment service providers like banks to maintain payment and customer interfaces for third parties. Through the interfaces, third parties can provide payment initiation services, account information services, and card-based payment solutions to consumers. When using the services, the consumer must give consent to each payment through strong authentication. At the same time, there were also changes introduced in the law, which reduced consumer deductible in cases of abuse.

What is strong authentication?

Strong authentication ensures that the person committing the payment is the owner of the payment instrument. The user is required to have at least two of the following:

  • Something the user knows, such as a PIN or password.
  • Something the user has, such as a cell phone or a debit card.
  • Something that identifies the user, such as fingerprint or facial recognition.

In a self-service environment, a strong authentication method is mainly PIN code or authentication on the customer's device. The service is supposed to utilize the same authentication methods that the consumer also uses in their bank.

Exceptions to strong authentication in self-service payment

The directive also defines exceptions where strong authentication is not necessary. These include, for example, parking or public transport charges, where the risk of abuse and the benefits are estimated to be low.

Contactless payments of less than EUR 50 can also be made without authentication. However, there are pre-defined payment limits, and the authentication must be performed also with contactless payment if the limit has been reached. In the case of a self-service environment, this means in practice that the payment terminal must support strong authentication to avoid potential problems.


When you are looking for a suitable self-service payment terminal, it is important to choose a service provider that supports strong authentication. A properly chosen payment terminal keeps the queuing time short and the threshold for making a purchase decision low!

Scroll to top