Interviews, insight & analysis on digital media & marketing

PSD2 one year on. What have we learned?

The Payment Services Directive Two (PSD2) is a piece of legislation designed to force providers of payment services to improve customer authentication processes and to also bring in new regulations around third-party involvement. ECA asked  Galit Michel, VP of Payments at Forter for her views on what we have learned in the year since the legislation was enforced.

What have European merchants learned post-PSD2 and what are the opportunities for UK merchants?

In the year since PSD2 enforcement, European merchants have learned that using Strong Customer Authentication (SCA) in the form of 3DS applies a lot of friction to the checkout process. Some merchants have lost almost 30% of their transactions where 3DS was applied.

We have also noticed that different issuers, even in the same country, treat exemption requests differently. Merchants need to optimise their use of exemptions, particularly in markets with low 3DS performance, and pay attention to the differences between issuers (which can change frequently and without warning).

UK merchants have the benefit of being able to learn from the EEA implementation of PSD2 and pursue opportunities to remove PSD2 friction and create a competitive advantage. They can do this by using a smart PSD2 solution that enables them to make accurate Transaction Risk Analysis (TRA) exemptions and apply SCA only when required. Forter’s platform can ensure that up to 90% of your eligible traffic is exempted and drive a conversion uplift of as much as 6-8%, by using automation and machine learning.

Why will merchants unprepared for SCA and PSD2 enforcement suffer?

If merchants are unprepared for PSD2 and SCA, they may make suboptimal decisions in balancing the risk and friction of their online payments. Unprepared merchants tend to send everything to 3DS or request exemptions for everything, both of these approaches have limitations. By sending every transaction to 3DS, merchants may lose up to 30% of their transactions, due to cart abandonment, authentication, and authorisation failures.

Attempting to exempt all traffic also harms conversions by up to 5%. In addition, merchants will be liable for any chargebacks, as well as run the risk that future exemptions will not be permitted by their PSP or the issuing bank if too many fraudulent transactions are let through. We have also noticed that different issuers, even in the same country, treat exemption requests differently, and there are even some issuers that prefer that all transactions go to 3DS.

What many merchants don’t realise is that making use of exemptions relies on maintaining a low fraud rate. Only by choosing a partner that can make accurate and real-time decisions about every digital interaction will merchants be able to optimise their payments, keep their fraud risk low and protect their revenue.

Could the widespread use of frictionless 3DS lead merchants to underestimate the impact of UK PSD2 enforcement?

Prior to PSD2 enforcement in the UK, 60% of transactions went through frictionless 3DS. Frictionless 3DS doesn’t require customers to complete any challenge – they simply have to wait a few more seconds for their transaction to go through.

What many merchants may not have realised is that frictionless 3DS isn’t PSD2 compliant, so they may have a rude awakening once they see the abandonment and authorisation rates on the payments sent to 3DS with friction, which requires customers to perform an action at the checkout (e.g., entering a password, fingerprint approval).