Secure bookings with Two-Factor Authentication—Directive (EU) 2015/2366 PSD2

Driving your new business car should be secure from the moment you get behind the wheel. So should managing your SIXT account. With Two-Factor Authentication (2FA) in accordance with Directive (EU) 2015/2366 PSD2, we make sure all your bookings and payments are as safe as possible.

What is the Payment Services Directive2?

Directive (EU) 2015/2366 PSD2 (short: PSD2) is a convoluted way of saying: Let’s make your payments and bookings as safe as possible by ensuring nobody can book a shiny new business car in your name and drive off while you’re stuck with a headache and lots of paperwork.

On 14/09/2019 the European Union issued a new directive for online payments that requires Two-Factor Authentication every time you want to make a purchase on the internet. If you’ve ever bought something online over the last 2 years, you’ll already be familiar with 2FA. It might sound complicated, but it really is just a couple extra clicks before hitting ‚Buy’.

Since certain kinds of online bookings, especially of big-ticket items such as a car, pose a potential risk for fraud, both banks and the EU decided that one single password isn’t enough protection for your accounts. Instead, according to Directive (EU) 2015/2366 PSD2 you need two different types of authentication from different categories in order to determine your identity. The categories are Knowledge (password, PIN, security question), Ownership (smartphone, smartcard, token, TAN) and Identity (fingerprint, facial recognition).

For example, your Two-Factor Authentication might look like this:

  • password + fingerprint
  • PIN + SMS
  • TAN + PIN

The app or website through which you’re making a transaction selects the first authentication factor. For example, a lot of the time you need to log into your account on that specific website in order to complete a purchase. Your bank then determines which second authentication factor is required for each transaction. The goal here isn’t to make purchasing online harder but to make sure you’re really the one using your account.

What does this mean for your booking with SIXT?


While this might sound confusing at first, it’s as easy as pie, we promise. All you need to do is browse our large selection of company cars, select a model you like, and book it through the SIXT App or website. Once you get to the payment section, you might have to identify yourself via 2FA. This step will be determined by your bank so don’t worry if this step does (or even doesn’t) show up.

Here’s what to do:

  • Step 1: Book your business car as usual. Select your preferred payment method and fill in any required personal information. This will then be transmitted to your bank, which in turn will decide whether or not a Two-Factor authentication is necessary.
  • Step 2: If your bank wants to make sure your account is protected from potential fraud, you’ll be asked for additional identification such as your fingerprint, a PIN or the answer to a security question.
  • Step 3: Once you’ve successfully verified your identity your booking is complete.

This process is the same for all our services through our app or website, from SIXT rent to our chauffeur services with SIXT ride or our car-sharing service SIXT share. Told you it would be easy.

Summary: Secure booking of your business car

One of the key benefits of hiring your business car at SIXT is that we don’t add to your ever-growing pile of responsibilities but make your life easier. This includes making sure you’ll never have to worry about your identity being stolen to book a car in your name. If you thought you had a lot of paperwork already, you don’t want to see the amount of paperwork that would result in. We want you to enjoy your SIXT business car hire from getting behind the wheel all the way up to your finish line. And that begins with a safe and secure booking process.

What you need to know about secure bookings and payments with SIXT:

  • Directive (EU) 2015/2366 PSD2 secures your financial transactions online
  • PSD2 requires Two-Factor Authentication to minimize the risk of fraud
  • Instead of just one password, you need to complete the authentication process in two steps
  • 2FA can be a combination of password + fingerprint, for example
  • Your bank determines the second step of verification
  • During the authentication process, your bank will verify you either through knowledge, ownership or identity