Revolut makes it easier for merchants to be compliant and transact securely by complying with Payment Card Industry Data Security Standard (PCI DSS), aligning with Payment Services Directive 2 Strong Customer Authentication (PSD2 SCA) and 3 Domain Secure (3DS), and through continual transaction monitoring.
PCI DSS states that merchants need to hold and handle data securely. Revolut systems take the burden of responsibility away from merchants by only allowing them to see the last four digits of their customers' card numbers. We also restrict merchants' access to their customers' data.
Following EU legislation known as PSD2, we pass the majority of transactions through Strong Customer Authentication (SCA) to make sure they're as secure as possible. This means your customers have to verify their identity in two out of three ways: with something they have (e.g. a mobile phone), know (e.g. a password or PIN) or are (e.g. fingerprint or facial recognition).
As part of SCA, we also use 3DS. This verifies your customers' identities by redirecting them to the secure environment of their card issuer. Once they've passed through 3DS, they're sent back to your website to complete the transaction.
We have specialist internal and external platforms that monitor transactions across our entire payment system, not just merchant payments. This helps us judge whether a transcation should be accepted or declined. It also helps protect merchants against transactions made with stolen cards.