While PSD2 intends to protect consumers from card-not-present (CNP) fraud and safeguard the European digital payment infrastructure, the directive is not without its checkout challenges. This blog explores PSD2’s impact on eCommerce merchant profitability. 

Challenge 1: Squandered revenue potential from false 3DS declines and unoptimized exemptions

For merchants, balancing superior customer experiences with PSD2’s narrow security and technical requirements is critical. PSD2 introduced a mandatory authentication step, including challenge and approval notifications that customers must complete to verify their payments. 

The mandatory authentication step that requires customers to verify their payments adds friction to the checkout process. Even if the customer completes the authentication, there is room for errors, which could result in declining legitimate transactions.

Not only do merchants miss out on the potential sale from the customer at that moment, but 3DS often pushes unhappy customers straight to the competition—unlikely to return to the original merchant. On top of the lost lifetime value, there is a sunk cost of acquiring the customer through marketing spend, and any return on investment for the converted customer is squashed. 

To avoid 3DS declines, merchants can correctly flag out-of-scope transactions so that they bypass Strong Customer Authentication (SCA). These include mail order/telephone order, one-leg-out transactions (in which either the issuer or the acquirer is outside of Europe), B2B transactions, and prepaid cards.

Even though all European eCommerce merchants fall under the same directive, this situation is avoidable. To lower friction and authentication abandonment, these merchants can implement exemption strategies—without compromising security for customer convenience. Merchants using a PSD2-optimized solution to facilitate transactions can avoid losing customers and their associated revenue to 3DS declines and the competition. 

Challenge 2: 3DS on its own is not the silver bullet to fraud-related costs

While 3DS may have initially slowed fraudsters down, fraudsters are agile and persistent in identifying security vulnerabilities. Once they encounter roadblocks, they seek out loopholes to exploit, finding ways to bypass 3DS using password phishing scams, authentication code interception, email takeovers, and social engineering tactics.

Beyond these “traditional” fraud attempts, 3DS also does not protect against friendly fraud, policy abuse, or even chargebacks from merchant errors, resulting in a high risk of fraud throughout the customer journey. Fewer data points on a transaction’s riskiness lead to fraudulent order approvals and legitimate order declines, and the impact of PSD2 on merchants is evident.

When asked about their experiences under PSD2, 33% of eCommerce decision-makers expressed that their overall fraud rate increased, and 39% said their post-3DS fraudulent chargebacks increased.

With high fraudulent traffic, the fraud liability may shift back from the issuer to the merchant. Not only does the merchant become liable for chargebacks, but issuers could lose trust and approve fewer transactions in the future. The result? Decreased overall authorization rates, unsatisfied customers, and fewer sales. 

Challenge 3: Operational costs related to PSP lock-ins and limitations compound other profitability challenges

Implementing tools to support PSD2 compliance presents more complexities than merchants previously anticipated. Very often, a merchant working with a payment service provider (PSP) for payment optimization can only use the solutions offered by the PSP, whose broader interests frequently differ from the specific merchant’s needs. In that case, the merchant’s data sources may be limited, as may its ability to enhance its transaction exemptions or improve its customer experience, which can hinder its revenue potential.

To achieve the simultaneous goals of fraud prevention and revenue, balancing compliance, security, and user experience is critical. Achieving this is made possible by investing in solutions that optimize PSD2 compliance. As merchants continue to endure challenges under PSD2—from customer experience issues to high fraud rates and a lack of data transparency within the data ecosystem—the Forrester study is as relevant today as it was when first conducted. 

Read the Forrester Consulting study, E-Commerce Fraud Prevention: What Is The Post-PSD2 State Of Play?, to learn how optimization strategies can give your business an edge as you navigate the PSD2 directive.