PSD2: What Merchants and PSPs Need to Know

By Arwen Heredia  / 

4 Sep 2019

Beginning September 14th, 2019, the Regulatory Technical Standards outlined within PSD2 – version 2.0 of the Payments Services Directive – officially become mandatory. With their arrival will come a series of new security and authentication challenges that will directly impact merchants and payment service providers (PSPs) operating out of the EEA, particularly when it comes to customer experience and revenue. It’s these two key areas that will feel the most heat under PSD2, making it necessary for businesses to take strategic action now to proactively fight fraud, reduce churn, lower friction, and protect their customers.

In a recent webinar, Sift teamed up with The Paypers to bring clarity and practical recommendations to vendors and PSPs as they prepare to face this industry shift. Below is a simple breakdown of what to expect, insights on what it all means for your business, and recommendations for minimizing risk and providing seamless customer journeys in a post-PSD2 world.

3 Things to Know About PSD2: Applying Exemptions, Protecting Customers, and Predicting Fraud

A customer’s experience during a transaction can go from pleasant to painful in a matter of seconds, and the more authentication requirements involved, the greater the chance of revenue-eating friction. But minimizing protection for your users isn’t an option and certainly isn’t a smart solution, despite deep concerns over abandoned carts and chargebacks.

But before you start strategizing, remember: PSD2 only applies when both the acquiring bank and issuing bank are located in the EEA (European Economic Area). If you aren’t working with a European acquiring bank, you don’t have to worry. Otherwise, you will have to comply with PSD2 and have SCA (Strong Customer Authentication) in place once mid-September hits.

This second-wave directive is designed to provide better protection for legitimate customers as they interact with your site and make purchases, but it does add another hoop for them to jump through as they progress to the point of sale – something that will likely contribute to an uptick in churn. Here’s what typical transactions look like now:

Transaction flow before PSD2.

And here’s what they look like under PSD2:

Transaction flow under PSD2.

From a vendor standpoint, the additional SCA step must verify two of three possible factors: something the customer knows, like a password or PIN; something the customer has, like a mobile device; and something the customer is, like a fingerprint or face ID scan. And while the benefit to the end-user is something any online shopper will appreciate, they may be less enthused about how it’s done. It’s up to merchants to consider the following three factors as they work to provide enhanced security without driving customers away:

1. Predictable, real-time fraud prevention is a vendor’s best friend

No one can see the future, but solutions like Sift fraud detection are accurately using machine learning to help fraud analysts surface, identify, and stop fraudulent behavior in real time – well before it happens. This is the most effective way to keep a cap on churn and reduce risk while giving great customers the experiences they deserve.

2. Exemptions are the easiest way to keep friction low

Merchants should work with their payment services providers on a strategy to maximize exemptions, since transactions that fall under this category will not be impacted by SCA and therefore, won’t add additional friction for customers. These exemptions include low-value payments, repeat corporate charges, low-risk transactions, and whitelisted merchants. But beware: These are also the most vulnerable areas and what fraudsters will be zeroing in on. If you’re reading this, they probably are, too.

3. Digital Trust & Safety tactics = greater customer loyalty

Digital Trust & Safety is a fraud prevention strategy that helps analysts accurately identify and differentiate suspicious behaviors from legitimate actions, so that good customers get great experiences and fraudsters are prevented from committing fraud. In a recent survey, we discovered that adopting this approach helps brands deliver excellent customer experiences, expand into new markets, reduce risk, explore new revenue opportunities, manage fraud more effectively, and continue to grow. See where your business stands on Digital Trust & Safety with our quick assessment.

What the Road to Readiness Looks Like for Merchants and PSPs

With only 40% of merchants reporting that they feel prepared for the mid-September shift, it’s paramount that affected businesses map out what compliance means for them – and that includes keeping an even sharper eye out for fraudulent activity.

PSD2 and SCA may add extra security, but they do not guarantee protection from fraud. Out-of-scope and exempt transactions are going to be primary and easy targets for fraudsters, and your business may be liable for that fraud. While the main action vendors will want to take is to proactively communicate with their PSPs about the plan for managing compliance, here are a few other things to keep in mind:

  • Reduced friction is great for the customer experience, but even better for fraudsters. Protecting your legitimate users and your bottom line before they’re under attack is the best way to safeguard data, accurately predict fraudulent behavior, and keep chargeback rates low. That said, fraudsters will continue to evolve their strategies in tandem with these enhanced security measures, with the likely focus being ATO (account takeover).
  • 3DSecure 2.0 shifts liability, but not responsibility. When too many fraudsters manage to make it past authentication, you could enter a chargeback program and get hit with high fees. Screening all transactions – or even better, mitigating fraud before it happens – is an ideal way to prevent this.
  • Asking your acquirer to maximize exemptions is a great way to keep good customers from having not-so-good experiences as they interact with your business. But we do recommend being selective about how you integrate those exemptions, as fraudsters can and will take advantage of these less-secure situations.

For a deeper dive into our latest discussion about PSD2 and what industry pros are saying about it, watch the webinar.


Arwen Heredia

Arwen Heredia is Sift's Sr. Content Marketing Manager. She's a life-long writer, mom of girls, baker, bookworm, and dancer. You will know her by the trail of bobby pins.
