The motives behind PSD2 are, on the whole, quite positive: protecting online businesses and consumers, while driving competition in the European payments industry. But while the exact implications of this regulation for merchants remain to be seen, it is already apparent that its execution may not be as fruitful as intended. It’s no secret that PSD2 has the potential to negatively impact online retailers’ revenue and brand reputation. In this article, I discuss what PSD2 means for merchants, and outline how they can take advantage of the transformed payment ecosystem to ensure better business outcomes.
SCA: friend or foe?
One of the main goals of PSD2 is to encourage issuers to protect their cardholders from fraud – primarily by sending orders through Strong Customer Authentication (SCA). This seems promising, except of course for the friction that’s expected to greet shoppers at checkout. Also – subjecting European online transactions to this type of authentication won’t eliminate fraud. Yes, it’s likely to prevent it in many card-not-present orders (albeit at the expense of good customers), but fraud in channels and markets outside of PSD2’s scope is likely to become more prevalent, as will ATO attacks.
Will 3DS 2.0 mean less friction?
SCA will essentially be provided by 3DS, which until now has proven to be problematic for Europe’s largest online markets. The current version, 3DS 1.0, offers legitimate shoppers a great deal of friction, leading to high rates of cart abandonment. According to Riskified’s data, drop-off rates can reach up to 25% in some European countries – depending on the device used.
It’s still a guessing game as to what extent 3DS 2.0 will be able to reduce card abandonment. We’ll know more once the majority of issuers have migrated to the new version (note: this could take a while). What we already know is that, in most cases, 3DS 2.0 will still add another step to the payment journey, potentially ostracizing legitimate customers. 3DS 2.0 also requires that issuers make accurate decisions based on a host of data points. No easy feat given that until now this hasn’t been a major part of their core processes.
The road to frictionless authentication
Luckily, regulators acknowledged the friction introduced by SCA, and devised a range of exemptions to allow some transactions to go through friction-free Transaction Risk Analysis (TRA) instead.
There are several avenues for exemptions, but given the large value range covered, merchants will truly gain from exemptions designed for ‘low risk’ transactions between €30 and €500. To submit exemptions for these, acquirers’ overall fraud rates cannot exceed the stipulated thresholds – currently 0.13% for transactions below €100, with acceptable fraud rates decreasing as the order value increases. Such low rates of fraud are not easy to achieve without friction.
The dynamics of a new payment ecosystem
Does TRA only benefit merchants?
There are two ways to get a low risk exemption. The merchant/acquirer can request one from the issuer; or the issuer can grant one of their own volition. Importantly, chargeback liability always sits with the initiating party. So, what impetus do these parties have for wanting to maximize exemptions? The short answer: TRA will ultimately benefit them all.
Merchants need TRA to minimize customer friction, reduce fraud, and drive revenue. They want to give their shoppers what they have come to expect: a convenient, seamless shopping journey. Acquirers want to capture as many transactions as possible, and frictionless TRA can help facilitate this. Given that issuers are liable for chargebacks related to SCA orders, the logic here is that approving merchant/acquirer exemption requests will shift this liability away from them. Obviously less friction will also help keep them ‘top of wallet’.
Because of this liability, issuers may be reluctant to initiate an exemption request themselves. Similarly, relying on gateways and payment providers to request blanket exemptions is not ideal. Such an approach is bound to result in a great deal of fraud reaching the issuers, which will lead to higher fraud rates for acquirers, and fewer exemptions approved.
Smart TRA: key to preventing revenue loss
The good news is that merchants can benefit from the dynamics of this new payment ecosystem and shifts in liability. By taking advantage of the increased competition between acquirers, merchants can choose an acquirer with low fraud rates that is willing and able to push for SCA exemptions. But good acquirers won’t want to put their own ratings in jeopardy. In order to work with the best-performing acquirers, merchants will also need to demonstrate an ability to maintain low fraud rates.
Smart TRA is the best way to ensure all bases are covered. That is, applying TRA via an experienced solution provider that understands fraud, knows which orders to request exemptions for, and can confidently take on fraud liability.
A proactive approach to PSD2
For effective execution, merchants need to be proactive – they need a strategy to make the most of available exemptions to maximize TRA and keep fraud and friction to an absolute minimum. Listen to our webinar to find out more about:
- What PSD2 really means for merchants
- How savvy sellers are ensuring their revenue & brand reputation remain protected come September
- How smart TRA can maximize exemptions & help reclaim revenue from good customers who fail SCA