Non-cash transactions are increasing exponentially, both in number and in value. This is partly due to the recent global pandemic and partly due to the ease with which consumers can complete cross-border transactions.
As the ease with which consumers can purchase online increases, so does eCommerce’s appeal to fraudsters; Today, criminals are investing heavily in sophisticating their methods of operation and attempting to commit online crimes.
New regulations have been set in place to reduce the impact of online fraud and secure online transactions – namely the Payment Service Directive (PSD2). The new initiative aims to protect consumers and merchants by incorporating Secure Customer Authentication (SCA) and multi-factor authentication.
While outwardly consumers will experience more friction as part of the checkout process, the real change has to happen on the issuer and acquirer side.
Unfortunately, not everyone is as prepared as they should be.
Merchants need to be concerned about the impact of PSD2 on their consumers, but they also need to ensure their entire payment ecosystem is prepared for PSD2.
It Takes an Ecosystem to Support Exemptions
Complying with PSD2 is not a single-party issue; all parties involved in a transaction need to ensure their systems are PSD2 compliant, or the transaction can fail at any step of the way.
Under PSD2, consumers must complete Secure Customer Authentication (SCA), and this will primarily be done via 3D-Secure (3DS).
For issuers, complying with the new directive requires having the technical infrastructure in place that supports 3DS authentication and authorization as well as potential evolutions of 3DS2, such as 3DS2.2.
While 3DS increases the friction consumers must go through, PSD2 does provide an opportunity for 3DS exemptions. However, exemptions will only be granted for transactions that meet specific criteria such as transaction amount, low risk, and more. Issuers prepared for PSD2 will be able to accept and process exemption requests, differentiate between the types of exemptions and determine if the requests should be approved or declined. Issuers who have the right infrastructure will maximize exemptions for legitimate consumers, thereby increasing merchants’ revenue generation and ensuring full PSD2 compliance.
Much like issuers, acquirers also need to be prepared for PSD2 on a technical level to be able to process 3DS transactions and support exemptions. To request exemptions, acquirers need to adapt their solution and provide an exemption request option in their API. Acquirers that are prepared for PSD2 will be able to process those requests in the best technical way and effectively communicate when exemption declines occur, and merchants should use 3DS as their SCA.
In a post-PSD2 world, the entire payment ecosystem must support 3DS2 transactions and exemption requests, including the merchant. Merchants are responsible for ensuring their consumers have a seamless checkout process and that legitimate customers are able to complete transactions. To do that, merchants must maximize exemption use, reduce 3DS where possible, and know more than ever about their partners.
To increase the chances of exemptions being approved, merchants need to keep their fraud rates low. Merchants with a strong fraud vendor and a proven history of low fraud rates will be able to request exemptions from their acquirers. Acquirers will then be more inclined to accept the exemption requests and let merchants process transactions without SCA, increasing revenue generation, and improving customer experience.
Can Your Ecosystem Support 3DS2?
If an issuer or acquirer is not prepared for PSD2 and cannot process 3DS2 transactions by the time the regulation goes into effect, merchants will suffer from poor customer experience and potentially higher decline rates.
Issuers who are not ready for PSD2 will have to use alternative processing methods. Issuers who cannot process 3DS2 will use 3DS1, however that comes at a cost of poor customer experience, high friction, and high declines. Under PSD2, Issuers that do not have the infrastructure in place to support 3DS1 will have to process transactions using the card schemes SCA via stand-in processing (STIP).
When using stand-in processing, the card scheme determines the fraud and liability, and the issuer is the one left with making the authorization decision as well as assuming chargeback liability.
If the issuer is left with the task of authorizing the transaction and knows they are responsible for chargebacks and that authentication was not really done, only that stand-in processing was done, they will likely decline the transaction. Since the issuer is not motivated by conversions, they will prefer to lower the approval ratio and not take the liability.
Keeping an Eye on Issuers Post-PSD2
It is not possible to verify in advance which issuers are PSD2 ready and which are not. That is why merchants need to adapt their operation methods and have a system in place that lets them monitor transactions and get real-time analytics and insights into their status.
All parties that compose a merchants payment ecosystem must be ready for PSD2 once the directive goes into effect. Issuers and acquirers that are not ready may cause merchants to experience fluctuations in transaction authorization and exception approvals. This will impact their customer’s checkout experience, increase the transaction decline rate, and decrease revenue generation.
Understanding if an issuer or acquirer is ready for PSD2 can only be done in hindsight; once PSD2 goes into effect, merchants must effectively analyze all their transactions and filter transactions to determine which issuers or acquirers have low exemption acceptance, low 3DS authentication rates, low 3DS approval ratios and more.
For example, if an acquirer continuously declines TRA exemption requests, they may not be prepared to process such requests. If a merchant knows that an issuer cannot process 3DS2 and only has 3DS1 in place, they should try to avoid 3DS by requesting exemptions. To determine when to request an exemption, what type to request, when to process using 3DS, and more, merchants must have all the information available in an easily accessible format.
By understanding how ready each issuer and acquirer is for PSD2, merchants will be able to communicate their needs to their acquirer, find a different partner when needed, or stop sending exemption requests that are likely to be declined.
As PSD2 increases friction and revenue generation potential, ensuring each legitimate customer that wants to complete a transaction can do so will become increasingly crucial. Merchants who do not examine this in-depth will not be able to identify the problem and solve it. Many times, merchants can resolve cases such as this by communicating directly with the issuer. However, it is the merchant’s responsibility to identify the problem, and they can only do this if a monitoring and payment optimization solution is in place.
A smart payment optimization solution can provide real-time insights into the state of transactions and analytics on approvals and rejections, helping merchants identify potential problems before they impact their bottom line.
Merchants Can Have it All: Revenue Generation and PSD2 Compliance
Merchants should not expect that all issuers will be ready on their behalf and must have a payment strategy in place to ensure they are ready for PSD2. Assuming that their entire payment ecosystem is ready may have worked in the past, but now, failure to ensure that all parties are ready and able to process 3DS2 and exemptions could result in more declines and less revenue.
If merchants thought their responsibility was to sell goods online, PSD2 changes that.
Merchants must now ensure that the entire online experience is positive, and that includes the checkout. Otherwise, merchants will waste a great deal of time, energy, and resources getting consumers to add items to their cart but will fail to convert the transaction, and as a result, will not see revenue.
Since PSD2 is expected to increase friction, now is the time for merchants to do what they can to reduce the impact friction has on their consumers and deliver a frictionless payment processing experience.
Merchants that adapt their payment strategy, have a strong payment processing partner in place, and monitor their transactions to understand issuer and acquirer behavior will be able to be PSD2 compliant as well as profitable.
Are you able to ensure your consumers have a positive checkout experience while being PSD2 compliant? Ask yourselves these questions to find out:
- Are you able to identify potential partners that are not PSD2 ready?
- Do you have a monitoring solution that provides effective insight into the state of all transactions?
- Is your checkout process considered part of your customer happiness?
- Do you have a system in place for SCA exemptions?
- Do you have a PSD2 provider?
Subscribe to Forter’s fortnightly newsletter to receive updates on PSD2 insights and strategies.