PSD2 Compliance Update

Today I have received a letter from Lloyds Bank about my business account as I receive card payments. They outline the changes taking place shortly i.e. September 2019. i.e. PSD2 Compliance.

I have mentioned this in another thread however I can not stress the importance of being compliant as if you are not from September you will not receive payments made by card (Credit/Debit)) from Europe unless you are irrespective where you are in the world.

I have an update as most of the commonly used merchants like Stripe/PayPal Pro etc maybe directly compliant but to date I do not know of any integration of these through Rapidweaver that are - PLEASE DEVELOPERS CORRECT ME IF I AM WRONG!

I use PayPal Pro account and Cartloom and I have worked with these both and I am now reverting back to basic PayPal account to become compliant. Simply if your stack/app uses an “internal” shop method you need to check compliance. If you shop redirects you externally direct to merchant and they are complaint then that’s OK.
In my instance PayPal is but the Pro version uses internal Cartloom payment system, the basic redirects to payPal outside Cartloom. Therefore the former is NOT compliant but the latter is!

I would like to thank ALL the guys at Cartloom for their support and help and now it’s a case of easily changing my shop set up and remain with Cartloom.

I ask you to ALL check your merchants and ask the question as September is not too far away if you have change your shops and merchant methods - especially if you have numerous sites.

If you regularly sell products in Europe and receive Card payments for this please check as it would kill my business if I received no money through this route post September 2019.


Just watched the Stripe webinar on this, all I can say is clusterfuck. My instinct is everyone, as in the banks and the processors, have been caught with their trousers down in this one. While Stripe skirt around things, it seems really, they’re not ready. Plus, according to them most of the banks aren’t either. And, there seems to be no continuity to implementation with the banks any with all of them taking different approaches.

I was big into ecommerce when 3d Secure first appeared, and while initially, almost to the launch, everyone was “if you’re not compliant you won’t be able to process payments”, when it changed to “if you’re not compliant by launch day liability shift won’t happen and it’ll be on you”. Then, after the deadline, whilst 3D Secure was there, it suddenly stopped being talked about.

The line from the banks at the moment is that if any part of the processing system isn’t compliant payments will be rejected, but from where I’m sitting, it’s just looks like it’s not going to happen, as a large number of transaction will fail and banks will lose billions in revenue.

Obviously we have to prepare and be as ready as we can, but it’s looking at present like it’s going to be the banks themselves who are the weakest link, so it’ll be interesting to see how far the enforcers at the EU are going to push things.

1 Like

@steveb THANKS for this update. The question I asked months ago was are there any RW Stacks that were PSD2 Compliant as the one I was using wasn’t for the set up I had i.e. PayPal Pro as I wanted to either get compliant or change. I have been learning all the time and have come to a very simple conclusion. If the RW programme stays within its own boundaries to accept payment then they have to be compliant. If the payment system directs you to a merchants system then they have to be and not RW Programme.
For me PayPal is and therefore by dropping down from Pro to Basic I meet the PSD2 requirement as instead of staying “inside” Cartloom the payments will be directed to PayPal.
I was thinking about my e-commerce RW side only but as I have now received Lloyds Business Bank letter about their changes and my input required this applies to all Banks and Merchant Banks in Europe only.
I suppose its a bit like GDPR last year - lets see what happens but if they do as they say and don’t accept payments yes its a double whammy as I, you and them will be hit badly.
Let’s see what happens but in the meantime I am making changes with PayPal payments option in Cartloom and can say I am PSD2 compliant.
Once again THANKS sincerely for your update it seems a lot of people are not interested in this subject yet.

Not interested, until payments get rejected!

I use Stripe for clients to pay me, and Stripe and OP for clients to get paid by their customers; so that’s online retailers etc. I’m still not 100% sure on who has responsibility for what, but for sure clients will shout at me if their own online payments from customers fail.

I continue to read and learn, and where possible implement. But if the banks and the processors are not ready, there is little we can do.


@steveb Thanks all the same your input is gratefully received! Have a great day!

1 Like

Talking purely about my experience with Fastspring they simply send me a bank transfer once a month when sales reach a certain level. As far as the bank is concerned it’s just a transfer like any other and it’s Fastspring’s responsibility to ensure compliance with all the various international laws, since they are the billing company. The end user is technically buying from them, rather than me.

1 Like

Are Stripe putting those webinars online as replays? Do you have a link?

Ashley - I apologise as I have no experience of Fastspring. If you have a website and the person buying from you stays within your site to purchase then you need to compliant. If the person is directed from your site to a payment gateway then they need to be compliant.
I hope this helps?

I can check with Fastpring, but I think you could be making this unnecessarily complex.

The site visitor is not even buying from me. They are buying from Fastspring and the download is stored on Amazon S3. When the buyer clicks on the buy button a pop up cart appears and they agree to Fastsprings terms, plus their privacy policy. They can then pay by a number of means.

At the bottom of the popup it says “Sold and fulfilled by Fastspring — an authorized reseller”. It is Fastspring’s responsibility as the seller dealing with the customer to be legally compliant, handle VAT payments and deal with delivery. That is what they are paid for.

1 Like

OK looks like I am covered.


I am so happy you are and good luck going forward. I am based in Uk and I ma now receiving letters from my bank about making myself compliant with them and this is without e-commerce merchants. A lot of major merchants are just getting their ducks in a row and as stated before I use PayPal Pro which is not compliant with Cartloom yet but basic PayPal is as this transfers customers to payments off site to PayPal so do not stay within Cartloom.
At the end of the day I just want to be paid and they same for you and everyone else. It is only European transactions but there are certain people around who state that they’re not in Europe so it doesn’t affect them. Sadly it will!

Have a great weekend.


I am based in the UK as well. No letters and no problems. Just use a proper billing company.

Which products are you selling?

I’m NOT based in the UK, but my bank is and (although I’m ALSO not currently selling anything online) I’m also receiving these letters from my bank!

Fastspring and Paddle are all well and good for digital downloads acting legally as a Merchant of Record but most people are selling real products and so they need to ensure their own compliance (unless of course they are small and based in the US in which case they will probably just ignore it and get away with it just like they do with the VAT laws.)


Fastspring handle physical products as well. I don’t think it really matters how socks are stored or sent by courier. Surely what matters is how the financial transaction is handled.

Just for the record, I am not here to promote Fastspring at all. They have their negatives and I found the setup process very fiddly. There may well be alternatives that do what you need.

I would not consider Fastspring or Paddle for physical products. IMHO using these services makes only sense if you have digital downloads and have to take care of the digital VAT laws.

I’ve read that also inside some states of the US, some digital download VAT laws are discussed?

1 Like

Curiously I just received an email from Google saying they are due to shut down their existing Google Pay service in September. I just did a quick search and they were granted an e-money licence for PSD2 back in January, so they may well come up with a solution.

@ashleykaryl I am a UK Limited company, I sell B2B and B2C and I use companies I have never had any problems with. Its not just commerce for me but company accounts and bank accounts which all come under the PSD2 umbrella. I have now received three letters from banks and accounts now so everyone striating to get twitchy and do last minute panic!

@Jannis I sell B2B and B2C products for disabled customers and promote DVT awarness have a look at to see what I do.