Payment Services Directive 2 and Strong Customer Authentication for commercial customers

As of September 14, 2019, banks in the 31 countries of the European Economic Area are required to verify the identity of the person making an online purchase before the payment can be processed. This verification requires multi-factor authentication to help ensure your online purchases are secure and protected. The date for this verification requirement will be delayed for some countries.

For more information, see Microsoft FAQ about Payment Services Directive 2 and Strong Customer Authentication.

When is multi-factor authentication required?

Currently, verification requirements for this directive using multi-factor authentication only apply to customers using credit cards from banks in the 31 countries of the European Economic Area. Sometimes customers will be prompted because of an action that they took, and sometimes they are prompted because of events with their existing subscriptions or services.

Customer Actions

Your bank may require verification through multi-factor authentication. Some examples include:

  • Signing up for a new subscription
  • Adding licenses to a subscription
  • Adding or replacing the credit card used to pay for a subscription or service
  • Adding or replacing a credit card on a billing profile
  • Buying apps

Subscription lifecycle events

Charges for recurring payments might fail. If they do, you’ll receive an email with instructions to follow. You’ll be prompted to respond to the verification request and make your current payment.

Need more help?

Your financial institution is the best contact for these scenarios:

  • You didn't receive a verification code.
  • The verification process didn't work after you submitted the verification code.
  • You're not sure if the contact info for your credit card is correct.