Being a material girl was much easier in 1985; the recent global pandemic has steered people away from brick-and-mortar shops and into the socially distanced eCommerce arms, and the Revised Payment Service Directive (PSD2) has challenged online payments, adding friction, decreasing conversion, and impacting revenue generation.
PSD2 officially went into effect on December 31st, 2020, and with it, the fears of many merchants have been realized.
More transactions than ever risk rejection due to technical failure of the 3D-Secure (3DS) process or user frustration at the increased friction. Merchants that are ready for PSD2 can leverage exemptions to their benefit; however, this will largely depend on their fraud rates.
To help merchants prepare for PSD2, Forter has been detailing the various changes the regulation will bring and how to ensure they have a minimal impact on merchant operations.
Now that PSD2 has gone into effect, we have summed up our conclusions and created a PSD2 wrap up (to the tune of Madonna).
Some Approve Me, Some Reject Me, I Don’t Think That’s Ok (Ok)
Merchants spend tremendous time, energy, and resources to bring users to their website, to add products to their cart, and ultimately, to complete checkout. When a legitimate transaction is rejected, it impacts revenue generation as well as the customer lifetime value.
PSD2 significantly complicates the checkout process, most often by requiring 3DS and increasing the friction point users encounter. This, in turn, increases the frustration of consumers and the likelihood of legitimate transactions experiencing decline.
What is a legitimate transaction?
A legitimate transaction is one attempted by a user who is in possession of their payment information, has the available funds, and should be able to complete the transaction.
In the past six months, 28% of consumers experienced false declines.
False declines are most often the result of 3DS failure, meaning that an issuer or acquirer cannot process the transaction using 3DS. When this happens, transactions are declined even though the consumer is legitimate.
When legitimate consumers experience false declines, this impacts their customer experience and their future shopping habits. Of the consumers that experienced a false decline in the past six months, 30% said it would influence their decision to shop with that particular merchant in the future.
If They Don’t Give Me Friction-Free, I’ll Just Walk Away
The most notable impact of PSD2 on merchants is the requirement of 3DS for all transactions (unless they are eligible for exemptions, but more on that later).
Under the new regulation, consumers will have to provide multi-factor authentication, increasing the risk of error as well as touch-points consumers encounter.
The use of 3DS negatively impacts the consumer checkout process and leads to higher rates of abandonment. While the overall impact of 3DS varies by country, it is uniformly negative across the European Union (EU) and European Economic Area (EEA) where PSD2 is applicable.
On average, 25% of 3DS transactions fail.
Conversion failure can occur due to various reasons, namely, user-triggered abandonment, technical issues, or 3DS approval ratio.
|3DS Abandonment Rates|
|*Based on Amazon Abandonment Data|
3DS abandonment is particularly problematic for merchants since it means that the consumer got frustrated during the process. This, like false declines, will likely impact their future shopping behavior and prevent them from future purchases with the same merchant.
In addition to user-triggered abandonment, many transactions will fail due to technical issues with 3DS. Technical failures occur when there is a gateway error, Payment Service Provider (PSP) failure, or technical issue with an issuing bank or other member of the payment ecosystem. Up to 2% of transactions fail due to technical problems with 3DS.
Lastly, the 3DS approval ratio can lead to a rise in transaction declines. Increased declines can occur when the acquirer deems the transaction too high risk or if the issuing or acquiring bank is not fully prepared to process 3DS transactions. If issuers are not ready for 3DS, they will either enable 3DS1 or use Stand-in-Processing (STIP. When Visa or MasterCard stand-in, the liability will shift to the issuer, and the issuer will likely decline the authorization to avoid liability. If 3DS1 is used, it will create more friction on the consumer side.
In Spain, 53% of transactions processed through 3DS fail authorization; in Italy, 33%, and in Germany, 43%. Merchants operating in those areas need to leverage all possible solutions to capture those missing transactions.
Because the Acquirer that Accepts Exemptions is Always Mr. Right
Merchants that want to minimize the impact of PSD2 and 3DS on their conversions, increase revenue generation, and provide their consumers with a frictionless checkout experience need to have a powerful exemption engine in place to take advantage of the SCA exemptions available under PSD2.
If a transaction meets specific criteria, merchants can request their acquirer to process the transaction without using 3DS, thereby reducing friction and legitimate users’ chances of being declined.
Exemptions Every Merchant Needs to Know
TRA Exemption (aka Low Risk)
Low Transaction Value (under 30 EUR)
Whitelisted Merchant (created by consumers)
The most commonly used exemption is the Transaction Risk Analysis (TRA) exemption, also known as the low-risk exemption.
Merchants that perform fraud verification on transactions and believe a transaction to be low risk can request their acquirer to process the transaction without 3DS.
Acquirers on their end are happy to enable good merchants to leverage TRA exemptions as long as they maintain low fraud rates and do not falsely abuse the exemption system.
Only Those Who Save My Business Make My Rainy Day
Not only was PSD2 never designed to be a fraud protection tool, but under the new regulation, fraud protection becomes even more crucial to leverage exemption requests.
With the global shift to online shopping, fraudulent activities have been on the rise and are expected to double within the next two years. To protect their business from fraudsters, chargeback risk, and damaging their fraud-ratio, merchants need to check all users and verify they are who they say they are with the help of a robust fraud protection solution.
In addition to traditional fraud, fraud protection solutions can also protect merchants from policy abuse, account fraud, dissatisfaction claims, and more.
However, with PSD2 looming over everyone’s heads, fraud protection can also serve another purpose: aiding in exemption requests. Merchants that want to request SCA exemptions and process transactions without 3DS have to keep their fraud rates low. Those with a proven history of low fraud rates and have a fraud prevention tool in place will enjoy higher exemption approval rates. This will lead to a better customer experience, a higher chance of conversion completion, and, of course, increased revenue generation.
We Are Living in a PSD2 World, and Merchants Need to Take Control
As the new directive goes into effect throughout Europe, merchants will have to take more control of their operations in order to ensure they continue experiencing growth and increased revenue generation.
Merchants can no longer rely on acquirers to perform fraud protection or on issuers to have the infrastructural capability to support 3DS2. It is up to merchants to push for the best checkout experience for their customers.
This includes making sure their entire payment ecosystem is prepared for PSD2, that they are informed of, and can leverage SCA exemptions to their advantage, have a fraud prevention solution in place, and continuously monitor their transactions to ensure everything is working as it should.
As PSD2 continues to change the face of European eCommerce, those that have the right solutions, partners, and knowledge at hand will be those that thrive.
Subscribe to Forter’s fortnightly newsletter to receive updates on PSD2 insights and strategies.