By Michael Reitblat, Co-Founder and CEO, Forter
In a bid to standardise and safeguard the payments landscape, the Second Payments Services Directive (PSD2), and its Strong Customer Authentication (SCA) requirement, outlines stricter security regulations for businesses to follow.
SCA was due to go into effect across Europe on 14 September 2019, with the UK being one of the exceptions following the Financial Conduct Authority’s (FCA) announcement that it will delay enforcement until March 2021. The staggered implementation of PSD2 makes it even more important that merchants act to ensure they’re fully protected from fraud now, and are prepared for the practical implications when the law kicks in across Europe.
The SCA component of PSD2 is designed to protect consumers’ financial data, offer greater transparency for payments services, and clarify the rights and obligations of users and providers. But what does this mean in practice for businesses?
Introducing additional friction to the transaction process
Banks and retailers alike have expressed concern over the complexity of PSD2 implementation, particularly regarding SCA. Central to this concern are the methods used to meet this requirement – knowledge, possession, and inherence. These could involve consumers inputting an additional password or a code sent to a personal device, or submitting biometric data, such as a fingerprint, to finalise a transaction. For retailers within the European Economic Area, all online transactions must comply with SCA, and two of these three steps must be carried out for consumers to complete a purchase.
Consumers have concerns of their own as well, particularly with regard to the use of biometrics. Research shows over half (53%) are worried about using biometrics in online transactions due to fear of identity fraud. Businesses are also mindful that many authentication methods “interrupt” the customer experience and introduce increased friction into the path to purchase, potentially resulting in a loss of revenue.
The standard protocol for SCA compliance, 3-D Secure 2.0 (3DS2), doesn’t mitigate the concerns around friction. Successful 3DS2 authentication means the liability for a transaction shifts from the merchant to the issuing bank, while simultaneously introducing a significant amount of friction to the consumer journey. With 26% of checkout abandonment occurring because increased friction frustrates customers, businesses need to balance the security requirements of PSD2 with meeting consumer demands and ensuring a simpler path to purchase.
Resolving the challenges of PSD2 and SCA
Online merchants should embrace innovative payments technologies and fraud prevention software, to enable PSD2 compliance without compromising business objectives. The issues of additional friction and surplus effort, on the part of the consumer, can be resolved by adopting a different approach to the transaction process: dynamic routing, powered by human expertise and machine learning technology.
3DS2 concentrates on the checkout stage of the customer journey, whereas a holistic view of multiple consumers’ complete paths to purchase can be achieved by bringing together insights from domain experts and machine learning models. Dynamic routing reduces potential bottlenecks at the point of transaction, by identifying and leading consumers to the path of least friction, on a case-by-case basis, to optimise the individual transaction experience.
Through analysing a myriad of data points prior to the point of checkout, businesses are able to determine bad transactions upfront, or identify which transactions are exempt from additional verification. Deciding this in near real-time is essential to providing the optimal customer experience for each user.
While PSD2 and its SCA requirements are a necessary measure to ensure the safety of consumers, cybercriminals will always seek to undermine regulatory updates and exploit potential weaknesses and vulnerabilities in the payments system. Machine learning technologies, in combination with market expertise, empower online merchants to stay ahead of fraud and purchasing trends, recognising patterns in suspicious activities and neutralising the threat early on during the path to purchase. Applying this system to a networked coalition of businesses results in greater protection, bolstered by the collective insights gleaned from all transactions processed throughout the broader consortium network.
Concerns surrounding PSD2 are legitimate, but the means to address them are readily available to merchants. By leveraging dynamic routing and machine-learning systems, powered by the insights and expertise of human analysts, online merchants can safeguard their revenue and conversion rates. This integrated fraud prevention approach will protect merchants not only against fraud attacks, but also against damage to their consumers’ paths to purchase. With the most innovative systems in place, businesses can guarantee that it will be only the fraudsters missing out when PSD2 comes into full effect across all of the EU.