Az adatdelta átlépése: Hogyan dolgozz a PSP-vel a PSD2-stratégián (Galit Shani-Michel)

The PSD2 regulation came into force in the UK on 14 March 2022, a full two years after it was implemented in France, Germany, Spain and Italy. Central to the directive is the requirement for merchants to conduct Strong Customer Authentication (SCA) unless
an exemption or exclusion can be granted. However, although this, in theory, means less fraud, it introduces excessive friction into the payment journey and can result in losses for the merchant.

The advantage of the UK’s late PSD2 implementation is that considerable data is available on the regulation’s impact on merchants in other European countries. Unfortunately, Forter’s analysis of PSD2’s effect across all EEA countries shows cause for concern.
Our projections warn that merchants who apply 3-D Secure (3DS) authentication to all of their UK transactions are likely to lose 8-10% of revenue due to 3DS authentication failure, and authorisation failure.

Egy olyan környezetben, ahol minden tranzakció számít, a kereskedőknek szorosan együtt kell működniük fizetési szolgáltatójukkal (PSP) a PSD2 stratégián, hogy megtalálják a megfelelő egyensúlyt a súrlódásmentes ügyfélélmény, a bevételek védelme és a csalásmegelőzés között.

Az adatdelta átlépése

One of the critical issues facing merchants right now is the imbalance of knowledge – and therefore power – between themselves and their PSP. Merchants lack the ability to collect and analyse their own data, which means they are dependent on the information
their PSP provides. PSPs tend to struggle with identifying trends outside of payments fraud because they lack visibility into the entire customer journey resulting in poor reporting (generally reliant on account managers for insight) and the inability to cover
end-to-end risk.

This can mean unusual patterns, such as account takeover or policy abuse, go undetected. Consequently, in terms of fraud prevention and ecommerce optimisation, merchants end up settling for what may be “good enough,” without understanding what “good” can
really look like in terms of potential conversions and revenue.

A case in point is the issue of abandonment. Merchant systems often cannot differentiate between cart abandonment – which can occur for many reasons – and the specific issue of 3DS technical failure or abandonment. This means they have limited visibility
of how their PSD2 strategy is truly affecting revenues and consequently cannot intelligently address the problem. Instead, they must rely on the data the PSP provides, and this does not always add up.

For example, if a PSP provides data showing a 20-30% decline rate, the merchant needs to be able to confidently question why declines are so high. To do this, they must benchmark the PSP-provided data against industry-wide information, and also compare it
to their own harvested data. This requires merchants to invest in better in-house data capabilities so they can robustly challenge PSPs.

Unfortunately, merchants’ dependence on PSPs means many are being incorrectly advised to tackle PSD2 with an all-or-nothing approach, sending every eligible transaction for exemption. However, when merchants request exemptions on everything, this is a tacit
statement to the issuer that they believe every transaction is low risk. When this proves not to be the case and chargebacks result, it is a clear indication that they are failing to detect fraud. Consequently, their PSP may refuse to permit exemptions in
a jövő.

3DS decision is a risk-based decision first. The only way to make a correct decision is to look first into the risk level and ensure that only low-risk transactions will be sent as low risk. This decision relies on the vendor that the merchant trusts to
make the fraud decision not on the PSP. However, just understanding what a low-risk transaction is, is not enough, it’s also critical to understand the issuer preference and ensure that if an issuer is not likely to accept exemption, the transaction should
be sent to 3DS.

A másik véglet, az a többlet súrlódás, amely akkor keletkezik, amikor minden tranzakció a 3DS-be kerül, pusztító hatással van a bevételekre, és 6-8%-kal csökkenti azokat. Nyilvánvaló, hogy a kereskedőknek árnyaltabb PSD2 stratégiára van szükségük, hogy elkerüljék a bevételkiesést és az ügyfelek frusztrációját.

A PSD2-kérdések, amelyeket a kereskedőknek fel kell tenniük PSP-jüknek

A tranzakciós folyamat sikertelenségének megértése azt jelenti, hogy a kereskedők célzott fejlesztéseket hajthatnak végre. Ezért kulcskérdés, amelyet fel kell tenni a PSP-knek: hány tranzakció
amelyeket a 3DS-nek küldtek sikeresek voltak?

A sikertelen tranzakciók közül a kereskedőnek meg kell kérdeznie, hogy hány volt hitelesítési hiba, engedélyezési elutasítás vagy kosárelhagyás eredménye. Ez az egyetlen módja annak, hogy teljes mértékben megértsük és optimalizáljuk az ügyfélélményt.

A second key area is Transaction Risk Analysis (TRA) exemptions. Making effective use of these is vital to reducing customer friction, so merchants must understand the levels of TRA exemptions that their PSP can offer and how they are requesting exemptions
az ő nevükben. This information can help merchants understand whether all exemptions are being handled properly by the PSP and,When merchants ask PSPs to handle exemptions it is important that they can double-check that the PSP has followed the rules
requested; if they don’t and instead send transactions to 3DS this can lead to a high rate of soft declines.

Ez ismét abból adódik, hogy a kereskedők független adatokkal rendelkeznek, amelyeket össze lehet hasonlítani a PSP által biztosított adatokkal, így az esetleges eltéréseket tekintélyes pozícióból lekérdezhetik.

A jövőre nézve a kereskedőknek kérdezniük kell hogyan készülnek a PSP-k a delegált hitelesítés megközelítésére. This offers a way for merchants to handle authentication more seamlessly by having the user set up strong authentication – such as biometric –
during sign-up and requiring 3DS for the first checkout. Subsequent transactions then only require biometric authentication. Merchants should seek to work with PSPs that are up to speed with developments such as delegated authentication to ensure they are
ready to take advantage of the customer experience benefits such innovations can deliver.

Hogyan dolgozzunk PSP-kkel PSD2 stratégiával

Ultimately, PSD2 is an effective weapon in the fight against fraud. However, merchants need to be more proactive around managing their PSP relationship to ensure they aren’t losing out due to high rates of 3DS declines and/or over-use of exemption requests.
To do this effectively, merchants need a more holistic understanding of their customer ecosystem achieved by greater visibility of key performance data. Furthermore, this should also enable merchants to be able to challenge the PSP and ensure that they see
the full picture.

Engaging with a partner that has dedicated fraud expertise can help merchants cross the data delta and gain the objective insight and analysis needed to put them in a position of strength in their PSP relationship. Then they can work together to balance
fraud prevention and customer experience by deploying the optimal combination of TRA exemptions, 3DS, and decline recovery tools to ensure that genuine transactions are successful and fraud risk is controlled.