Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / PSD2
How should you handle payments after September 14? Read our recommended next steps to manage the next 12-18 months of uncertainty.
Share this article:
There’s not long to go now until the deadline for the Second Payments Directive (PSD2). Like it or not, online sellers are facing the reality of forced authentication on most payments from customers.
This is a complete reversal of the current situation. Now, sellers are only sending the very highest fraud risk payments to authentication, after 14th September they will only be able to avoid authentication on payments with the least risk.
Many online sellers are concerned about the added friction of authentication costing them business. Rightly so… one in five payments authenticated through 3D Secure is lost.
To achieve better security without making a huge dent in the online economy, the method for authentication is getting an upgrade to 3D Secure 2. The newest version will enable exemptions from authentication, allowing you to avoid adding friction for your genuine customers.
But this is still a long way off, and heavily dependent on card issuer actions. At Ravelin, we’re only expecting card issuers to support specific exemptions from late 2019 or maybe even later. Three different versions of 3DS will coexist until the end of 2020 with a wide variation in adoption until then.
So what should you do in the meantime to manage the next 12-18 months of uncertainty?
Until you have full access to exemptions, you need a short-term strategy. As the card issuer has the final say on payment authorization, knowing how they’re likely to act will be critical to giving customers a smooth journey.
Immediately after the deadline, card issuers are likely to either put a blanket authentication requirement on everything, or simply carry on as normal. If a card issuer accepts your authorization without authentication, they have given an implicit exemption on that payment.
At first, we’re expecting most issuers to be at either end of the scale.
Exemptions won’t be relevant until later, so the best course of action is to straight authorize and avoid authenticating as many payments as possible.
But - if you try to authorize a payment and the issuer soft-declines and requests authentication, this gives your customer a bad experience, plus it might end up costing you more. How can you make sure you authenticate only the right payments before an issuer forces your hand?
Keep an eye on how individual issuers handle payments and avoid unnecessarily asking genuine customers to authenticate. Closely monitor and report on your authorisation acceptance rates by card issuer so you can stay ahead of their changing behavior trends.
Of course, issuers will gradually move into the middle ground - the grey area between authenticating everything or nothing. When these issuers do start changing how they handle payments, you need to make sure you avoid a rise in soft declines.
Over time, things will become less black and white as issuers establish which payments they’ll require authentication for. After the dust settles on PSD2, you want to use the authentication method with the least possible friction every time.
As issuers migrate to a new 3DS version, you need to know as soon as possible so you can start sending all the extra data and using exemptions as soon as you can. Leading businesses will be keeping a close eye on issuers and preparing for the changes early on. To learn more about how we’re collecting issuer intelligence and optimizing payment routes check out our payment authentication solutions.
The forced authentication under PSD2 will have a huge effect on the EU’s 300 million online shoppers, and the online businesses that serve them. These tighter controls will also cause a ‘Frexit’: a ripple effect as fraudsters move to the easier targets of less secure payments made by non-European issued cards.
As the deadline approaches, have you done all you can to prepare your business for the change?
Jessica Allen, Head of Content
Blog / Fraud Analytics
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?