It is said that during times of adversity, people band together; PSD2 is a crucial time for the entire payment ecosystem, and everyone involved needs to come together to understand the impact of the new directive.
Together, merchants, issuers, acquirers, gateways, fraud protectors, and more will be able to understand what actions can be taken to protect operations while maximizing revenue generation, creating a win-win for the entire ecosystem.
As leaders in fraud protection, we recognize that our role goes beyond protecting operations and providing a PSD2 solution. We view our role as champions for merchants, providing insight, guidance, and actionable solutions that help merchants navigate changes in the payment world, whether resulting from fraudster sophistication or payment regulation.
That is why we recently brought together key leaders from the European payment ecosystem, including Paul Rodgers, Chairman of Vendorcom, David Jones, Vice President of Business Development from MasterCard, Niki Cannon, Director of Payments Consulting EMEA at American Express, Ian Butler, VP Product Manager from Elavon, Amanda Mickleburgh, Director of ACI Worldwide, Mark McMurtrie, Director of Payments Consultancy, and our very own Neil Smith, Head of Business Development for EMEA at Forter, to discuss the upcoming regulation and understand the role each party plays in ensuring merchant operations continue to thrive.
We are proud to share our top takeaways from the webinar and to continue providing our merchant community with insights on how to navigate PSD2 from a strategic level.
Takeaway #1: Exemptions Are Everything
While it will take the payment community a while to truly adapt to the new regulation, the most crucial thing for all parties right now is to prepare their systems for exemptions.
As the dissonance between consumer desires and regulation continues to grow (one wants a seamless checkout process and the other requires more friction than ever), the ecosystem’s role is to find the balance between full Secure Customer Authentication (SCA) and exemptions.
The most common exemption, Transaction Risk Analysis (TRA), will be the most crucial one for merchants since it is the most dynamic one based on merchant or issuer risk rather than pre-set payment amount.
Other exemptions, such as low-value exemption, can be beneficial for merchants with low-value items or merchants who offer split-pay solutions. However, many issuers have cumulative value counts, and as a result, they may block so low-value transactions if the merchant reaches the cumulative value threshold. Understanding the different exemptions and the way to maximize their use, therefore, becomes critical for merchants.
To ensure they are ready to process and accept the different types of exemptions, payment organizations and merchants have begun adapting their infrastructure to apply for and accept exemptions. While many UK payment organizations have overwhelmingly done so, many throughout the EU are still developing the ability to support SCA exemptions.
The ability to understand SCA exemption requests will become critical as PSD2 becomes mandatory. According to David Jones from MasterCard, merchants will rely heavily on exemptions, going so far as to implement funnels that will try to match exemptions with transactions, reminding merchants to “use [exemption application] with care,” and not attempt to apply exemptions for transactions that do not meet the criteria.
How can you ensure your payment ecosystem is ready to accept exemptions?
- Understand the types of exemptions available to your business.
- Ask your issuers, gateways, and acquirers if they are ready to accept exemptions, and if not, know in advance that you must perform SCA on all transactions routed to them.
- Have an exemption engine in place.
Takeaway #2: Fraud Rate Matters More than Ever
While PSD2 aims to increase security through two-factor authentication, it is not a fraud prevention solution.
Many merchants may be tempted to rely on their payment vendors to mitigate fraud; however, doing so will reduce their ability to request exemptions, which, as we know, is the most critical thing for merchants under PSD2. A merchant that maintains low fraud rates through the use of independent fraud protection solutions will be able to maximize exemption requests, particularly TRA exemptions.
According to Ian Butler from Elavon, merchants who have a fraud prevention solution in place will be able to manage risk themselves and flag exemptions to Elavon. On their end, Elavon will do a small test to confirm and authorize the request. This showcases the importance of having independent fraud prevention solutions and maintaining clean traffic.
During the webinar, both acquirers and issuers independently said that they will support exemptions more favorable for merchants who have good fraud rates and send clean traffic to their systems. It is in the interest of all payment parties that exemptions are requested and accepted for legitimate and eligible transactions.
On their part, Issuers do not want the increased friction SCA requires because customers will contact them directly if there is a transaction error. Acquirers will support merchants’ requests for exemptions. However, it is the merchants’ responsibility to send clean traffic and request exemptions for relevant transactions. Merchants that cannot monitor and analyze risk will be subject to the acquirer’s decision and have to undertake more liability.
What can you do to reduce your fraud rates?
- Do not depend on your payment ecosystem to protect your business from fraud.
- Find a powerful fraud protection partner.
- Make sure your fraud protection partner understands and is prepared for PSD2.
Takeaway #3: Continually Communicate With Your Vendors
It will take the payment ecosystem a while to fully adapt to the new PSD2 directive. While this happens, merchants’ must stay on top of communications with their vendors and ensure everything is up to date.
One critical thing will be the ability of vendors to support the latest version of 3DS. The upcoming versions are expected to reduce friction significantly, offer greater customization capabilities, and improve the consumer experience. However, issuers and acquirers must support the new versions for merchants to enjoy their benefits.
Building a relationship with payment vendors is also critical for merchants looking to maximize exemption use, improve customer experience, and increase authorization rates.
Issuers are a key player in the exemption approval process; having a trust-based relationship with your issuer can help support customer experience and approvals, increasing revenue generation and profitability. A strong acquirer relationship with proven low fraud rates can also increase exemption approval rates, reducing the reliance on SCA and the overall friction consumers undergo.
Ultimately, it is the role of merchants to actively stay on top of what goes with their payment ecosystem. Some merchants may consider having multiple acquirers to ensure maximum exemption support. In contrast, others may change their gateway or Payment Service Provider (PSP) if they cannot support the latest 3DS or exemptions.
How to strengthen your relationship with your payment vendors
- Maintain low fraud rates.
- Request exemptions for eligible transactions only.
- Stay up to date on changes in 3DS and their implications on your business.
PSD2 Changes Everything; But Change Doesn’t Have to Be Bad
PSD2 will drastically change the payment ecosystem; however, there are silver linings to the directive.
As the entire payment ecosystem adapts to the new directive, the merchants who are on top of their vendors and have strong relationships with them will come out stronger.
Additionally, because of the anticipated negative impact on conversion and authorization, many merchants have taken this time as an opportunity to investigate their systems and optimize their entire payment ecosystem. Merchants have changed their acquirer strategy, shifted to a multi-vendor method, and adopted new fraud protection solutions to maximize exemption approvals.
By taking these steps, not only are merchants ensuring they and their vendors are ready for PSD2, but they also optimize and secure their own operations.
Since the regulation directly impacts the customer experience, merchants will push for improvements, and new innovations will likely be rolled out at a quicker speed, such as 3DS2 and more. As more recent transaction solutions are implemented, the impact of PSD2 will be reduced.
Subscribe to Forter’s fortnightly newsletter to receive updates on PSD2 insights and strategies.