The Payment Services Directive (PSD2) is a set of European regulations created to improve consumer rights, make digital payments more secure and spur innovation in the financial services industry. PSD2 introduced Strong Customer Authentication (SCA), which protects customers from online fraud by requiring two-factor authentication via password/PIN, card reader or phone, or a biometric such as a facial scan or fingerprint.
SCA specifies additional requirements to ensure the integrity of data transmitted during a transaction and protects users in the event their security credentials are lost or stolen. Once it is fully in force in March 2022, regulators can fine or even decertify companies that are not in compliance.
A number of transactions deemed “out-of-scope” or “exempted” are not subject to SCA. In addition, some transactions are also exempt based on a sliding scale of transaction value (in Euros) and the potential of fraud estimated by Transaction Risk Analysis (TRA) processes. For online merchants, it’s important to understand how they can take advantage of this and other exemptions to minimize customer friction and maintain conversion rates while still keeping fraud rates low.
In 2020, Ekata surveyed companies across the European Payments Service Provider (PSP) industry (that collectively account for more than 60% of the European card not present transaction volume) to gauge how ready acquiring organizations are to meet PSD2 requirements. The findings reveal distinct patterns of adoption among payment service providers, with survey respondents tending to fall into 1 of 4 categories:
Leaders
A typical leader is a company that sees PSD2 SCA as an opportunity to differentiate themselves in an increasingly commoditized market. They have a strategy in place, can meet baseline requirements before the SCA deadline and are investing in fraud related product offerings to separate themselves from the competition. Leading PSPs plan to help merchants minimize cost and maximise payment acceptance by building intelligent decisioning platforms.
Challengers
While usually smaller than the leaders, challengers also see PSD2 SCA as a long-term opportunity to gain market share and are investing now. Many are focused on offering features and building fraud platforms that enable merchants to interact with their payment flows.
Laggards & Question Marks
Laggards come in all sizes. They intend to meet only the bare minimum compliance with regulatory guidelines but are not doing much more to help merchants. At this point, they aren’t even considering services such as machine learning-driven fraud screenings and are generally waiting for the dust to settle. Laggards includes Question Marks, the significant number (42%) of those surveyed who have not yet defined a position. They may be under-resourced or niche players.
From the providers and merchants that are embracing SCA, we have identified 5 markers that typify successful implementations:
- Have a Communication Strategy: While 80% of respondents see SCA as a key part of their portfolio, leaders have implemented a strategy to clearly and consistently communicate with and educate their customers.
- Identify Priorities for Merchants: The looming deadline for SCA compliance is placing a heavy burden on merchants. PSPs and acquirers can help them prepare by educating them on the minimum requirements for preventing declined transactions, driving the adoption of mandatory technologies like the EMV 3-D secure (3DS2) messaging protocol, ensuring merchants understand out-of-scope exemptions and more to ensure they can still provide a positive customer experience.
- Build Tools and Recognize Data Importance: Good TRA models can drive better exemption rates for low risk transactions. Top tier PSPs are building out their internal fraud management capabilities, with an emphasis on good data. SCA provides rich data across merchants, which is leading 80% of PSPs surveyed to develop in-house tools or collaborate with third parties.
- Understand Issuer Behavior: With PSD2 and 3DS2, merchants will share more data with issuers who can, in turn, make more informed authentication decisions and potentially reduce declines. But leaders and some challengers understand that issuer behavior often depends on size and location and will likely change as SCA is more widely implemented. PSPs who best understand issuer behavior will have an advantage.
- Pay Attention to Smaller Merchants: Larger merchants have the resources to more easily adjust to life with SCA. But smaller merchants, who account for 80% of the European ecommerce market, may not. PSPs who provide transition support for smaller merchants can build revenue and market share.
For acquirers, issuers and merchants, additional data will be essential to successfully navigating the transition to PSD2. The ability to leverage data to minimize the number of customers who require further authentication will become a differentiator in the marketplace. In the short term, this means PSPs should focus on offering the most exemptions and reducing friction for customers attempting to make a purchase.