Harness the power of your data to reduce fraud
and increase payment acceptance
Tailor-made fraud protection
Detect and stop fraud faster with clear
Adaptive solutions for emerging threats
Defend against ATO, promo abuse and seller
Optimize conversion with agnostic
Manage PSD2 and take control of
Online payment fraud
Understand chargebacks, fees &
Machine learning for fraud detection
Models, risk scores & thresholds
Link analysis & graph networks
Draw deeper insights from data
Account takeover fraud
Prevention strategies & reputational
Promotion & refund abuse
Uncover & stop hidden costs
PSD2 & SCA
3D Secure, TRA & exemptions
Global payment regulation map 2022
Track PSD2 & more with a full report
Deep dives on fraud & payments topics
The latest fraud & payments updates
API & developer docs
APIs, glossary, guides, libraries and SDKs
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Join our partner programme
Harness the power of your data to reduce fraud and increase payment
Detect and stop fraud faster with clear insights
Defend against ATO, promo abuse and seller fraud
Optimize conversion with agnostic authentication
Manage PSD2 and take control of authentication
Understand chargebacks, fees & detection
Prevention strategies & reputational risk
Uncover & stop hidden abuse
Read more about our happy custmomers
Blog / PSD2
Merchants with low fraud rates will be able to shop around for Acquirers who can offer authentication exemptions under PSD2. The balance of power will be permanently shifted.
This article was originally published in Payments Card and Mobile.
The Second Payment Services Directive (PSD2) certainly covers a lot of ground, but one important and largely overlooked aspect is the requirement that:
"strong customer authentication […] should be applied each time a payer […] initiates an electronic payment transaction"
Prima facie, this means that all online card payments initiated by European Customers in Europe now need to use 3D Secure - a technology so notoriously poor for conversion that most sophisticated merchants today deploy it selectively for only the riskiest of transactions.
When this requirement was first floated by the European Banking Association (EBA), they got more than they bargained for when the Payments Industry strenuously objected to this regressive and unnecessary stance.
The outcry prompted a concession from the regulators: Exemptions.
There are three primary exemptions from SCA relevant to online card payments: Low Value Transactions, Merchant Initiated Transactions and, most importantly "Low Risk Transactions".
If you're able to determine that a transaction is Low Risk by using Transaction Risk Analysis (TRA), and your aggregate fraud rate is low, you may request an exemption from SCA.
That headline requirement should now read:
"strong customer authentication should be applied each time a payer directly initiates a […] non-low value electronic payment transaction […] unless you're very good at Fraud Detection"
Under PSD2, transaction fraud liability resides with the entity that triggers the exemption. For our purposes, the entities here are 'regulated payment service providers' which in online card payments means Issuing and Acquiring Banks.
Since it's the Issuing Bank performing the SCA, it's usually the Acquiring Bank that will request the exemptions from SCA and assume liability for any resulting fraud.
Only Acquirers with low fraud rates across their entire portfolio, and compliant transaction risk monitoring technology, are eligible to use Transaction Risk Analysis (TRA) exemptions from SCA.
The ability to use these exemptions will become a key differentiator between Acquirers, with merchants moving their volumes away from players who force them to use 3D Secure.
Acquirers will have to work hard to attract and retain low risk merchants in their portfolio, and may even contemplate splitting their entity into two cohorts; low and high risk; with all the legal and operational burden that that entails, in order to remain competitive and attractive to demanding merchants.
Put another way; Acquirers who operate a high risk portfolio or are unable to perform Transaction Risk Analysis will only able to compete on price. This might suit some Acquirers but not those with an eye on margin, profit and longevity.
A key part of any online payment strategy is optimising for high payment acceptance and conversion, where a smooth user experience is at the core of both. Since blanket use of 3D Secure is so unappealing to sophisticated merchants, the ability to avoid it wherever possible is a key requirement for any Acquirer the merchant may choose to use.
Merchants with historically low and well managed fraud rates and high or growing volumes will be in increasingly high demand by Acquirers seeking to maintain the low risk portfolio they'll need to offer SCA exemptions to their merchants.
All this gives the upper hand to merchants in contract and relationship negotiations in this brave new world.
Learn more about PSD2 and SCA here.
Martin Sweeney CEO
3 min read
More from Martin Sweeney
Share this article:
Blog / News
From 2020 to 2022, how has your online business changed? Let’s talk about how the pandemic continues to shape ecommerce two years on.
Grace Proctor, Content Writer
Appetite for ordering food on marketplace apps is still strong, as customers look for convenience and choice. But how are foodie fraud trends evolving?
Lola Omo-Ikerodah, Content Writer
Online marketplaces are exploding, but fast expansion always opens the door to fraud. Learn how to prevent fraud as your business grows with the industry pulse infographic…
Subscribe to our newsletter to get the latest fraud & payments updates sent direct to your inbox.