Compliance
PSD2 & Strong Customer Authentication
This page explains how Rayl Payments — a product brand of Rayl Technologies BV — applies the Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366) and its requirement for Strong Customer Authentication (SCA). Because Rayl Technologies BV is not itself a licensed payment institution, SCA is delivered by our licensed Payment Service Provider (PSP) partners; this page describes the experience as it appears in our product.
1. What SCA is
Strong Customer Authentication means authenticating a payer with at least two of three independent elements:
- Something you know — e.g. a password or PIN.
- Something you have — e.g. your phone, a token, a payment card.
- Something you are — e.g. a fingerprint or face scan.
The two elements must be independent: a compromise of one must not compromise the other.
2. When SCA is triggered
SCA is required by PSD2 and its Regulatory Technical Standards when:
- You access your payment account online.
- You initiate an electronic payment transaction.
- You carry out any action through a remote channel that may imply a risk of payment fraud.
3. How Rayl Payments delivers SCA
The SCA challenge in Rayl Payments is provided by our licensed PSP partners. In practice, depending on the payment method, you may be:
- Redirected to your bank’s 3-D Secure (3DS2) authentication flow for card payments.
- Asked to confirm in your bank’s mobile app for account-to-account payments.
- Asked to use a biometric on your device combined with a session check.
Rayl Payments does not store the authentication factors themselves; that’s handled by your bank or the PSP. We receive only a confirmation that authentication succeeded.
4. Exemptions
PSD2 allows a limited set of exemptions where SCA may not be applied — for example low-value transactions, trusted-beneficiary lists, recurring transactions of a fixed amount, and risk-based exemptions under the Transaction Risk Analysis (TRA) regime. Any exemption used in Rayl Payments is applied by the PSP under their licence and in line with the RTS on SCA.
5. What happens if authentication fails
- The transaction will not be completed.
- You may be asked to retry or use a different payment method.
- Repeated failures can lead to a temporary block of your payment method by your bank or the PSP for fraud prevention. To unblock, contact your bank.
6. Your rights under PSD2
- Refund for unauthorised payments — if a payment was made without your consent, you can ask your bank or PSP for a refund. The PSP must refund the amount without undue delay and no later than the end of the following business day, subject to investigation.
- Limited liability for losses from a lost or stolen instrument — your loss is capped at €50, unless you acted fraudulently or with gross negligence.
- Right to information — clear, free, up-front information about fees, exchange rates, and the time the payment will take.
7. Fraud prevention and monitoring
Rayl Payments combines its own product-level signals with the PSP’s real-time fraud monitoring. If a transaction looks abnormal, you may be asked for additional verification, or the transaction may be declined. We never ask you for your full password, full card number, or one-time codes outside of the authentication flow itself.
8. Reporting suspected fraud
If you believe a payment was made fraudulently:
- Contact your bank or card issuer immediately to block your instrument.
- Email fraud@rayl.be (until provisioned, use hello@rayl.be with subject “Fraud”).
- Report to local authorities if applicable (in Belgium, the Federal Computer Crime Unit and your local police).
9. Regulatory information
Payment services in Rayl Payments are provided by licensed PSP partners regulated under PSD2 by their respective EU competent authorities. The names and licence details of the PSPs operating in Rayl Payments will be made available in product and on request from hello@rayl.be.
10. Contact
Questions about SCA or PSD2 in Rayl Payments: hello@rayl.be.