The General Data Protection Regulation (GDPR) may still be fresh in people’s minds, but it’s already old news. Europe’s payment industry will witness a profound new digital transformation as early as September 14, 2019: The Payment Services Directive 2 (PSD2).
The European law has two main priorities: encouraging competition among financial providers and enhancing consumer protection.
The Payment Services Directive 2 (PSD2) replaces the previous directive and puts different rules in place for payment service providers.
Part of the new directive is Strong Customer Authentication (SCA), which is especially important for shop owners. The PSD2 mandates that all electronic transactions in the European Economic Area (EEA) will require SCA starting September 14, 2019.
SCA will apply to most customer-initiated online transactions within the EEA, but it’s not only for companies based in the EEA. If you have customers whose cards are issued in the EEA or you sell in (payments are acquired in) the EEA, then the PSD2 requirements might apply to you.
The PSD2 doesn’t include alternative payment methods such as debit, invoice, or payment in advance.
In a survey conducted by Mastercard in July 2019, 75% of Europeans admitted to being unaware of this new safety standard and, above all, unaware of the fact that it is going into effect this September.
Among European payment service providers, only 14% of respondents reported having implemented SCA, while 51% said they either have no intention of doing so at all or will not do so before September 2019.
SCA resembles what many people call two-factor authentication: If a customer makes an online purchase using a debit or credit card, SCA may require them to provide two of the three forms of identification listed below:
Until now, an online purchase might require only a debit or credit card number and security code or, when using a platform such as Google Pay or PayPal, a login and password. Now, buyers will need a second security factor to complete payments. For example, instead of typing just the CVV code, SCA might ask the user to enter a code generated by their banking application as a second step. This means that even if one element of an SCA transaction is compromised, the other elements will still be secure.
Additionally, each transaction authentication code is dynamically linked to both a transaction amount and payee. If either is changed, the authentication code is invalidated.
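To make the dynamic linking described above concrete, here is an added example (not ClearSale's code and not a scheme prescribed by PSD2) that derives an authentication code from the amount and payee, so that changing either makes verification fail. It assumes an HMAC-SHA256 key shared between the customer's device and the issuer; the function names, key, nonce and payee are constructed for illustration.

```python
import hashlib
import hmac
import struct
from decimal import Decimal


def _canonical(amount: Decimal, currency: str, payee: str, nonce: bytes) -> bytes:
    """Encode the linked fields with length prefixes so bytes cannot be
    moved from one field into another without changing the input."""
    fields = [f"{amount:.2f}".encode(), currency.upper().encode(),
              payee.encode(), nonce]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def auth_code(key: bytes, amount: Decimal, currency: str, payee: str,
              nonce: bytes, digits: int = 8) -> str:
    """Return a short numeric code bound to this exact amount and payee."""
    mac = hmac.new(key, _canonical(amount, currency, payee, nonce),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key: bytes, code: str, amount: Decimal, currency: str,
           payee: str, nonce: bytes) -> bool:
    """Issuer side: recompute from the transaction actually submitted."""
    expected = auth_code(key, amount, currency, payee, nonce, len(code))
    return hmac.compare_digest(expected, code)


# Constructed sample values (hypothetical, for demonstration only).
KEY = b"constructed-demo-key-not-a-real-secret"
NONCE = b"txn-0001"
PAYEE = "Example Shop GmbH"

if __name__ == "__main__":
    code = auth_code(KEY, Decimal("49.90"), "EUR", PAYEE, NONCE)
    print("code approved by customer:", code)
    print("same transaction:", verify(KEY, code, Decimal("49.90"), "EUR", PAYEE, NONCE))
    print("amount changed:  ", verify(KEY, code, Decimal("4990.00"), "EUR", PAYEE, NONCE))
    print("payee changed:   ", verify(KEY, code, Decimal("49.90"), "EUR", "Other Payee Ltd", NONCE))
```

The per-transaction nonce keeps a code approved for one payment from being reused for an identical later one; a real issuer would also expire the nonce after use.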
While most would agree that this extra step is crucial to ensuring the best security standards, we don’t want to forget how important it is to offer the consumer a quick and easy payment experience. The new policies will impact the speed and convenience of online shopping, and ecommerce experts assume that the new rules will lead to some drop-offs at checkout.
The reason for this is simple: Customers would first need to register something they own—their smartphone or wearable device, for example—with their payment service provider so they can complete the additional security step. While this may seem easy and worthwhile, the extra step will unfortunately deter some customers.
The PSD2 has defined some exemptions to the general requirement of SCA for every transaction. While these exemptions are available for consideration, it is ultimately the issuer’s decision as to whether they will accept a waiver. Some exclusions to be noted:
PSD2 is a European Union (EU) directive launched in 2015.
SCA is a requirement of PSD2 designed to increase security and reduce fraud by ensuring electronic payments are performed with multi-factor authentication.
3D Secure 2.0, also known as EMV 3-D Secure, is one way (but not the only one) to meet SCA requirements. The 3D Secure 2.0 process is as follows:
As of September 14, 2019, banks will decline unauthenticated payments due to fraud risk. Customers will need to resubmit declined payments using SCA.
SCA should be implemented directly by the payment service providers (PSPs). To comply with these new regulations, please ensure that your PSP complies with the SCA requirements.
ClearSale is agnostic about the payment methods we work with; therefore, we will continue to provide our services normally under the new directives.
Merchants may well start seeking out financial providers with excellent records of fraud prevention, as this allows them to offer more convenient payment options to consumers with fewer challenges. ClearSale helps many PSPs and merchants control their fraud risk and, consequently, become exempt from SCA, which saves buyers from the burden of an extra authentication step.