RSS feed Get our RSS feed

News by Topic

BizReport : Law & Regulation : July 22, 2019

Expert: What brands need to know about PSD2

A year after GDPR was put in place in the EU the conversation around consumer data and privacy continues, and now there is another aspect to that conversation where businesses are concerned. That aspect is PSD2, which will rely on stronger customer authentication to increase the security of payments and payment data. Here's what brands need to know.

by Kristina Knight

Kristina: How will PSD2 change digital commerce once it goes live?

Shane Spears, Director of Payment Strategies, Accertify: The biggest change for digital commerce will come from managing the SCA process and many merchants will opt to employ 3D Secure to achieve SCA.

The new rules require something called 'two factor authentication' by default and there are types - knowledge (something you know), possession (something you have) and inherence (something you are). The industry requires ways to combine factors together to comply with the new rules, while still providing a seamless experience for consumers.

This introduces its own challenges, as this added friction in the check-out process may cause an increase in customer service issues or shopping cart abandonment. Additionally, it is important to understand that any time brands ask for more information from their customer it can open doors for new phishing attacks that prey on customers' confusion. However the positive is that requesting more information from the customer will also likely reduce fraud. There are also a number of exemptions which enable consumers to 'whitelist' merchants to make checkout easier. And there are benefits for the brands as well - payment providers with lower overall fraud can allow transactions under certain values through.

Kristina: There is still a bit of time for brands to implement a PSD2 strategy - where should they begin?

Shane: Brands should consult either their current PSP (payment service provider) and/or fraud screening service to determine what options are available. There are providers, such as Accertify, that offer specific authentication solutions designed to minimise friction and reduce the amount of development required to meet SCA. The most important strategy elements are those that meet compliance while minimising impacts on customer experience.

With GDPR we saw a significant lag between when the legislation went "live" and when brands actually began implementing; do you expect to see similar results this time, with brands waiting to implement PSD2?

At Accertify, we have had numerous conversations with brands to determine their plan of action. Whilst many merchants are not ready for SCA, most of them are aware of the potential disruption to their business if they don't meet the deadline. The EBA, accepts that, on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after 14 September 2019, limited additional time will be provided. This is to allow issuers to migrate to authentication approaches that are compliant with SCA, and acquirers to migrate their merchants to solutions that support SCA. 
Notwithstanding the above, failure to meet the requirements could result in transactions being declined outright, thereby severely impacting the business of many brands.

Kristina: Are there any drawbacks to PSD2 for retailers and brands?

Shane: While SCA/3DS will help curb fraud, it is important to note that when there is
increased screening on certain transactions, the fraud can migrate to transactions that are out of scope. Oftentimes fraudsters are known to prey on customer confusion. A study commissioned by Stripe and carried out by Fahrenheit 451 found that only 40 percent of businesses aware of SCA felt prepared to meet its requirements.

Kristina: What about benefits to this new legislation?

Shane: Long term, the directives around SCA should result in lower fraud. This will benefit brands as well as customers. There are other aspects of the PSD2 legislation that also have the potential to improve the payments process, such as the Open Banking Standard, which requires UK banks to open their APIs to other banks and third-parties.

The deadline for European businesses to comply with PSD2 is September 14, 2019.

Tags: Accertify, advertising, ecommerce, GDPR, mobile marketing, online payments, payment trends, PDS2 trends, PSD2 tips

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.