Ensuring regulatory compliance is never easy or cheap, and this is particularly accurate in banking and financial service industries. Since 2015, online businesses, merchants, and payment service providers (PSPs) have been grappling with the European Banking Authority’s (EBA) new regulations called ‘The Second Payment Services Directive,’ or PSD2 for short.
These new directives require vendors, eCommerce businesses, issuers, and PSPs to implement Strong Customer Authentication (SCA) protocols for all eCommerce transactions. The goal of these SCA requirements is to eliminate eCommerce fraud in the European Economic Area (EEA).
Although the European Banking Authority initially intended these directives to be applied to vendors, eCommerce businesses, issuers, and PSPs located inside the EEA, they’re being backed by almost all major global payment institutions.
Kindly subscribe to our YouTube channel
The Risk of Not Complying with PSD2 and SCA Requirements
If you plan to sell to customers in the EEA, your business needs to comply with these directives and regulations. But, should businesses invest in PSD2 and SCA compliance solutions? From both a technological and cost perspective, non-compliance is way too risky. Businesses that aren’t addressing the risk of non-compliance will face several challenges like –
Low Authorization Rates
All major issuing banks in the EEA are complying with PSD2 SCA regulations. The protocols they’ve implemented prevent non-compliant merchants from operating on their networks. So, vendors who don’t comply with PSD2 and SCA regulations will face transaction refusals, leading to poor authorization rates.
For small-scale vendors, improving authorization rates after they’ve dropped significantly is extremely challenging. Before low authorization rates start affecting their sales, they need to implement measures that make them PSD2 and SCA-compliant.
Higher Risks of Fraud
The implementation of PSD2 and SCA regulations has posed many challenges for the people who are part of the European and global payments industry. However, these regulations are blessings in disguise for the average consumer as they’re designed to promote stronger security for all online transactions.
These directives also compel online businesses, merchants, and PSPs to develop 3-D Secure (also known as 3DS2) protocols for their platforms. Merchants and issuers essentially have to make sure all of their transaction requests go through three-part verification procedures.
These multi-step transaction verification processes are posed to prevent threats like card-not-present (CNP) fraud. However, the online businesses, merchants, or PSPs that don’t adopt SCA requirements on their platforms will face increased threats of fraud, CNP fraud in particular.
A study by TransUnion also suggests that CNP fraud will increase in other regions of the world, such as North America because all companies based in the EEA will eventually adopt SCA regulations and offer better security to European online shoppers.
Friction in Transactions
Implementing SCA protocols comes with the risk of introducing unnecessary friction into transactions. Even small amounts of friction cause online shoppers to abandon their carts or register false declines (order a product and then deny ordering it upon delivery). However, these risks are present even if online sellers don’t implement SCA protocols.
According to a 2019 report, the friction instigated by PDS2 SCA requirements cost European merchants over €108 billion in lost sales. To ensure frictionless checkouts, eCommerce business owners not only have to become PDS2 and SCA compliant, but they also have to make sure that the compliance solutions they use, make the most of the SCA exemptions.
According to the SCA guidelines, not all transactions have to be subjected to the three-step verification processes. The more exemptions your payment processing tool catches, the less friction your loyal customers face while checking out of eCommerce stores.
Lastly, non-compliant online businesses will experience declined payments because of their failure to meet SCA requirements during payment processes. Banks will decide whether they accept/reject transactions from non-compliant vendors. Such inconsistencies can annoy customers and negatively impact the seller’s bottom line.
How to Achieve PSD2 and SCA Compliance?
Firstly, online business owners, merchants, and payment service providers (PSPs) need to change their mindset about achieving PSD2 and SCA compliance. They should use these regulations as a catalyst for digital transformation. Then they have two options –
- Partnering with PSD2-compliant PSPs – Engage with PSPs that offer PSD2-compliant checkout options. However, by taking this step, vendors lose control over the checkout experiences their platforms provide.
- Invest in SCA Optimization Tools – Vendors who want to retain control over their checkout experiences should invest in SCA-optimized payment processing tools that can help them implement 3D Secure 2 protocols on their platform.
The second option is more appealing because it allows vendors to retain control over their eCommerce ecosystems. However, vendors need to choose a top-quality PSD2 Compliance Solution that allows them to –
- Appropriately use SCA exemptions whenever possible. The tool should automatically identify and facilitate exemption requests (e.g., repeat orders of small amounts from loyal payees).
- Track details like customer device type, customer location, etc., to mitigate any fraud risks. The tool must also authenticate legitimate account activities to ensure innocent users don’t have to comply with strict guidelines while checking out.
There are many regulatory technology tools that can help vendors achieve PSD2 and SCA compliance relatively easily. Vendors must choose the right PSD2 and SCA compliance solutions and avoid the unnecessary risks of non-compliance.
To add to this article or start a conversation, join our forum to share your opinions with other readers. For stories of this sort and more, do well to log on to www.jbklutse.com or visit us on Facebook.