March 4, 2021
Payment Services Directive 2 – typically abbreviated to PSD2 – was one of the biggest credit card fraud prevention initiatives rolled out in the European Union in recent years. Initially announced in January 2018, organizations across Europe were given until September 2019 to get up to speed with the new regulations.
In the simplest of terms, PSD2 is a directive implemented to assist with the regulation of payment services and payment service providers, with strong focus on credit card fraud detection and prevention.
As the digital payments landscape continues to grow in terms of size, value and complexity, so too does the importance of initiatives like PSD2 fraud detection.
A series of primary objectives were outlined when PSD2 was announced, which the vast majority of online merchants, banks and payment service providers have been contributing to.
The objectives outlined by policymakers and the introduction of PSD2 were as follows:
• To make payments safer and more secure
• To increase the protection of consumers
• To contribute to a more integrated and efficient European payments market
• To increase competition
• To encourage lower fees for payment services
PSD2 has a huge impact partially because real-time transactions for consumers and businesses in many European countries has become the norm and by 2026, it is estimated that at least 2.6 billion of these payments will be made each year – these payments need to be made with confidence and correspondingly therefore with security.
PSD2 and similar initiatives assist with regulations and metrics around fraud monitoring, protection and prevention, that will allow for the further enhancing of security of digital payment transactions for consumers and businesses across Europe.
In terms of fraud detection and the resolution of disputes, PSD2 focuses heavily on customer security and protection.
One of the biggest changes brought about by PSD2 was the introduction of a new Strong Customer Authentication (SCA) mandate, which payment service providers are obliged to implement in the case of some types of transactions.
Two-factor authentication is the most common form of SCA, wherein the customer needs to enter information from at least two on the following catagories (as outlined in the official PSD2 policy text):
• Knowledge: something only the user knows, e.g. a password or a PIN code
• Possession: something only the user possesses, e.g. a mobile phone
• Inherence: something the user is, e.g. the use of a fingerprint or voice recognition.
While two-factor authentication has proven effective in the detection and prevention of fraud, it can also pose a threat to quick and convenient frictionless transactions. The more difficult and time-consuming it is to make a purchase, the higher the likelihood the consumer will leave without buying anything.
Several exceptions have therefore been included in the policy, so as to allow frictionless card payments to continue without additional verification for most everyday transactions. Examples of which include:
• Low value transactions - frictionless payments up to a maximum of €30.00, capped at a maximum of 5 consecutive transactions or a total combined spend of €100.
• Low risk transactions - frictions payments up to a maximum of €100, if the fraud rate of the acquirer is less than 0.13%. This increases to €250 if the fraud rate of the acquirer is less than 0.06%, and €500 if the fraud rate of the acquirer is less than 0.01%.
• Subscriptions or recurring transactions - will not require additional authentication for ongoing payments that have been authenticated in the first instance by the customer.
The aim is to enable frictionless transactions to continue for the vast majority of customers making everyday payments, while clamping down on credit card fraud with higher value payments.
The reception of the PSD2 implications for consumers have been relatively amicable in general. While the new policy has impacted frictionless payments to an extent, it’s been acknowledged as a small price to pay for improved credit card prevention and protection.
Likewise, businesses have found themselves in a position where they are significantly less likely to fall victim to credit card fraud, or avoiding the subsequent costs and complications that accompany such transactions. Again, making the minor disruptions to frictionless payments a small price to pay for the added protection.
PSD2 has made a real difference to the credit card fraud landscape, but cannot be relied on to safeguard businesses or consumers single-handedly. For those looking to take the strongest possible stand against all types of card fraud - intelligent machine learning software utilizing the latest in AI provides the most robust protection of all.
These are the kinds of systems that are designed to continuously learn, evolve and adapt to meet the ever-changing requirements of the modern business. An example of such a system is Fraudio, which utilizes a centralized AI ‘super-brain’ to continuously learn from millions of transactions in real time.
Proactivity holds the key to safeguarding your business and your consumers from credit card fraud - not a passive reliance on broad governmental payment policy. With consumers placing a greater emphasis on payment security more than ever before, anything you can do to prevent credit card fraud shows commitment to protecting your customers and subsequently - your business.
How about trying our solution and experiencing the next generation for yourself?