How to Maintain PSD2 SCA Compliance While Staying Fraud-Free

by Kristen White Blogger

Every merchant or company involved in global online sales will be affected by the European Union's revamped PSD2 directives. Per the new Strong Customer Authentication (SCA) guidelines, all online sellers and issuers must create strong fraud prevention checks. This is a summary of how the PSD2 and SCA guidelines will affect businesses.

The Need for Stronger Online Security

PSD2, the EU's updated directive, requires issuing banks and other financial institutions to share user data they collect with third-party service providers as long as the customer approves so it can be used by online service providers or sellers to initiate direct payments without involving the bank.

If online sellers maintain PSD2 SCA compliance, they will also enjoy benefits such as:

The ability to sell worldwide.
Be able to attract larger audiences.
Access untapped markets without needing the assistance of issuing banks.
Reduce the need for middlemen like bank card companies and third-party payment providers.
Reduce transaction processing costs
Ability to deal directly deal with banks.

So, it is all positive news for online sellers who are PSD2 compliant right? No! Added security checks can slow down transaction processing on sellers’ eCommerce platforms, and slow transaction speeds lead to an increase in abandoned shopping carts.

The Security Aspects of PSD2

According to SCA regulations, all sellers or third-party payment service providers need to invest in transaction monitoring tools so that they can detect fraudulent payments and transactions as stipulated by PSD2's Article 2(1). So, this requirement has also made it necessary for online merchants to invest in fraud prevention tools.

All online payments that pass through an EU country need to be screened through proper security tools that are PSD2-compliant. Article 2(2) of the PSD2 objectives of the SCA states that security tool should maintain PSD2 SCA compliance by:

Tracking account user information and comparing it with a list of stolen/compromised accounts.
Undergoing frequent updates so it can prevent the latest fraud schemas
Detect malware infection on users’ authentication devices
Notice inconsistencies in transaction amounts

The 3D Secure 2.0 Model

To be SCA-compliant, online vendors need to adopt a 3D Secure 2.0 Model that complies with the new regulatory requirements and addresses online threats. In a 3D Secure 2.0 model, there are more data point checks. Therefore, conversion rates may be slower because of all the added authentication checks. In the U.S., online merchants reported a 45% drop in conversion rates because of increased friction during transactions.

A retail fraud 3rd-degree prevention tool can help reduce friction by:

Automatically applying exemptions to low-value and low-risk transactions such as repeat orders.
Whitelisting legitimate customers so that they do are not required to undergo authentication tests.
Automatically identifying credit cards issued outside of Europe.
Maximize the exemption rate.
Make real-time decisions to screen or report fraud.

PSD2 will be an asset for eCommerce companies as long as they use the right tools to properly monitor and secure online transactions.