Ravelin hosted discussions at a recent series of roundtable dinners in New York, Los Angeles and San Francisco. The conversations revealed an unexpected interest in PSD2 and GDPR. On the surface this is a little surprising. We know both these regulations are firmly European in origin. Why then, so far from home, were they of such interest in the US?
For businesses operating internationally there are compelling reasons to be aware of both these initiatives.
Let’s look at PSD2 first. The directive requires both legs of a transaction to be in Europe. That’s to say the issuer and the acquirer both need to be in Europe for PSD2 to apply. So a US consumer buying in Europe would be exempt. Likewise, a European consumer buying from a US company with a US acquirer.
This in fact could offer an out to US businesses operating in Europe. They could route payments through to their US acquirer and so escape the purview of PSD2. In fact some businesses are considering this as a back-up. The Secure Customer Authentication (SCA) element of PSD2 implies friction in the customer journey. Many companies are keen to avoid it, but doing so is not without costs.
Cross-border acquiring is two to three times more expensive than local acquiring. It has its own acceptance risk too. Some issuers reject transactions as their international routing can look unusual. One study showed them to be 69% more likely to be rejected.
So the good news is a US company with limited European exposure can continue to route transactions through their US acquirer and will see no change. This accepts of course that the higher cost and lower acquisition rates are already priced in to their payments strategy.
A global business is likely to have both legs inside the EU for European customers and needs to be aware of the implications of the changes. This is true for any business looking to expand globally as well.
3DS 2 is a prominent element of PSD2. It is the de facto authentication protocol for the directive. It is not a European standard, however. In fact it is an EMVCo protocol, as global as can be. If the attendees at our dinners were typical, many US e-commerce businesses expect to adopt 3DS 2.0 in a way that was not true of 3DS 1.0.
The only difference is the urgency with which it will be adopted.
The European Banking Authority has confirmed that 3DS 2.x is PSD2 compliant. SCA is mandatory on most transactions. The world is watching Europe with anticipation to see how the consumer adapts to this new way of purchasing. Thus Europe is a laboratory for US payments professionals to observe and adapt to what happens there. It should present some big lessons for smart businesses to learn.
GDPR is a European regulation with global reach. GDPR covers a user of a US service who accesses that service from Europe. So even US-centred businesses need to be aware of the implication of the service.
It is easy to see this as a threat but it doesn't need to be. At the dinners we hosted there was a consensus that the best way to think about GDPR is that it is a blueprint for 'privacy by design'. The regulation is not perfect but it does act as a useful standard for companies. Good privacy practices should be baked in for customers and users and the world's regulators are starting to agree.
The California Privacy Act shows the direction of travel in terms of privacy compliance. While not identical, it is very similar to GDPR. Companies are now faced with difficult options. One is to apply this Act only to their Californian customers. The alternative is to simply adopt that higher bar for operations across all states and globally. And it makes increasing sense.
Japan and Brazil are planning their own regulations that map to GDPR. Smart businesses need to start challenging their development teams to bake privacy in. Consumers are likely to start favouring companies that respect their data privacy and can prove that they do.
It’s a global economy. Big changes in one part of the world will always impact others. It is still too early to tell how the European changes will roll out fully. We have seen limited use of the fines in Europe so far. And PSD2 is being staggered in its rollout. However, both represent a rare opportunity for US companies to observe the real-world outcomes of needed changes in consumer and business behaviours as the e-commerce world evolves. In GDPR perhaps we are seeing privacy by design win out. For PSD2 we will have to wait and see.
I would like to thank all our guests across the three dinners. It’s a real privilege to be able to hear from businesses first hand about how they are adapting to the ever-changing challenges of payments and fraud. Please do join us at future events in the US and Europe.
Gerry Carr, CMO