Despite its attempt to safeguard Europe’s payment ecosystem, and following various setbacks in its implementation, adhering to the Second Payment Services Directive (PSD2) is proving to be much more difficult for European e-commerce merchants than first expected; as brought to light by the latest study of Riskified.
The fraud management platform’s study revealed that nearly half of European and UK-based e-commerce merchants are still struggling to comply with PSD2, despite the regulation coming into full enforcement, following the extended deadline.
The study, which was centred on a survey of 207 decision-makers at organisations across Europe and the UK and conducted by Forrester Consulting, found that 45 per cent of respondents are either following the minimum requirements of the regulation or are still resolving the issues related to PSD2 rollout.
And despite hopes that PSD2 would reduce fraud and make payments safer, 39 per cent of merchants admitted that fraudulent chargebacks had increased on 3DS-authenticated transactions, negatively affecting their overall fraud rates.
The long road to optimisation
With the intention of making Europe’s payment ecosystem safer, more integrated, open and convenient, PSD2 was first imagined back in 2015, and of its most recognisable features, introduced Strong Customer Authentication (SCA), requiring multi-factor verification for online transactions where a card is not present.
But more than a year after the first anniversary of the enforcement deadline across the European Economic Area, the study reveals that nearly half of organisations are either complying with baseline PSD2 requirements or are still in troubleshooting mode, trying to resolve technical or integration issues, on their way to optimised payment strategies.
“The majority of survey respondents moved towards optimising their payment flows,” says Roman Korobkov, PSD2 domain expert at Riskified. “But those who are not ready yet are at a turning point in how to transform their payment strategy.”
“These e-commerce merchants are attempting to work within these new guidelines while trying to establish an equilibrium between user experience, security and compliance,” continues Korobkov. “But they are looking for some more transparency across the ecosystem to make things work.”
Fraud continues to proliferate
A large proportion of those surveyed revealed they had seen an increase in costs related to fraud prevention after PSD2 came into force.
According to the study, 43 per cent reported that, excluding the price of 3DS, costs had generally risen across the board, and of these, 57 per cent said their spending increased by a quarter or more compared to pre-PSD2 spending.
But while costs have gone up, merchants are still seeing an increase in fraudulent chargebacks on authenticated orders, negatively affecting their overall fraud rates.
“While for many merchants 3DS, being an industry standard for SCA, has proven to be efficient, it’s not a one-size-fits-all solution, and overreliance on it can be misleading,” warns Korobkov.
“The technology is evolving, but so are the fraudsters, coming up with multiple ways of bypassing the security protocol, both flows – frictionless and with a challenge. Now it’s all about building the right strategy tailored to the needs of business using the right data, as well as solutions and technology available in the market.”
Lock-ins and limitations
Eighty per cent of the study’s respondents believe that exemptions that are enabled by a fraud prevention partner or by a payment service provider (PSP) are proving to be an effective avenue in preventing orders from clashing with SCA, with 60 per cent of merchants reporting that they can prevent over half of their orders from adhering to SCA in this way.
Having said that, some e-commerce decision-makers also shared they are facing exemption-related limitations. While technically eligible for higher exemptions thresholds, they are not able to be exempt more due to overall limits established by their PSPs.
Decision-makers surveyed also opened up about finding it difficult to leverage solutions available in the market due to being limited by the payments ecosystems of their PSPs – 31 per cent said they were locked into specific tools offered by payment partners.
״PSPs are the ones offering 3DS solutions and exemption engines, and they should be ready to open up their ecosystem and collaborate with solution providers to optimise the payment processes,“ Korobkov says.
“Together with gaining more flexibility, optimising costs, improving authorisation rates, and getting more orders exempted from SCA, e-commerce merchants can have access to more data and independently choose partners and solutions tailored to their specific needs.”
What’s missing from PSD2?
Despite the concerns raised by this survey, it also identified some potential solutions to help merchants comply with the regulation while decreasing fraud rates and increasing revenues.
Respondents revealed that more data and transparency would help organisations advance their PSD2 strategies:
- 65 per cent asked for greater transparency in payment processing fees
- 61 per cent want regular updates on market performance
- 59 per cent requested reviews of solutions available on the market to help optimise compliance with PSD2
These findings highlight the need for better communication and transparency within the fraud and payments ecosystem to help merchants evolve their strategies and move from troubleshooting to optimisation.
It’s also worth noting that merchants are not resistant to PSD2, but instead believe it has the potential to improve their business and are ready and willing to build strategies around PSD2 once the system is more transparent.
Compliance itself is not the key goal. The respondents surveyed stated that gaining a competitive advantage by optimising their payment flows under PSD2 is crucial for their future strategy, alongside improved customer experience, higher conversion rates, and increased customer retention.