Galit Michel, VP of Payments at Forter, writes for Payment Expert on the impact of PSD2 and new Strong Customer Authentication regulations on the payment space.
What have European merchants learned post-PSD2 and the opportunities for UK merchants?
In the year since PSD2 enforcement, European merchants have learned that using Strong Customer Authentication (SCA) in the form of 3DS applies a lot of friction to the checkout process. Some merchants have lost almost 30% of their transactions where 3DS was applied. We have also noticed that different issuers, even in the same country, treat exemption requests differently. Merchants need to optimise their use of exemptions, particularly in markets with low 3DS performance, and pay attention to the differences between issuers (which can change frequently and without warning).
UK merchants have the benefit of being able to learn from the EEA implementation of PSD2 and pursue opportunities to remove PSD2 friction and create a competitive advantage. They can do this by using a smart PSD2 solution that enables them to make accurate Transaction Risk Analysis (TRA) exemptions and apply SCA only when required. Forter’s platform can ensure that up to 90% of your eligible traffic is exempted and drive a conversion uplift of as much as 6-8%, by using automation and machine learning.
Why would merchants unprepared for SCA and PSD2 enforcement suffer?
If merchants are unprepared for PSD2 and SCA, they may make suboptimal decisions in balancing the risk and friction of their online payments. Unprepared merchants tend to send everything to 3DS or request exemptions for everything, both of these approaches have limitations. By sending every transaction to 3DS, merchants may lose up to 30% of their transactions, due to cart abandonment, authentication, and authorisation failures.
Attempting to exempt all traffic also harms conversions by up to 5%. In addition, merchants will be liable for any chargebacks, as well as run the risk that future exemptions will not be permitted by their PSP or the issuing bank if too many fraudulent transactions are let through. We have also noticed that different issuers, even in the same country, treat exemption requests differently, and there are even some issuers that prefer that all transactions go to 3DS.
What many merchants don’t realise is that making use of exemptions relies on maintaining a low fraud rate. Only by choosing a partner that can make accurate and real-time decisions about every digital interaction will merchants be able to optimise their payments, keep their fraud risk low and protect their revenue.
Why the widespread use of frictionless 3DS may lead merchants to underestimate the impact of PSD2 enforcement in the UK?
Prior to PSD2 enforcement in the UK, 60% of transactions went through frictionless 3DS. Frictionless 3DS doesn’t require customers to complete any challenge – they simply have to wait a few more seconds for their transaction to go through.
What many merchants may not have realised is that frictionless 3DS isn’t PSD2 compliant, so they may have a rude awakening once they see the abandonment and authorisation rates on the payments sent to 3DS with friction, which requires customers to perform an action at the checkout (e.g., entering a password, fingerprint approval).
Why full-funnel reporting is important to accurately track 3DS abandonment, authentication failure and authorisation failure?
Many merchants don’t realise what the full impact of 3DS is on their revenue. One reason for this is that reports provided by their PSP don’t capture 3DS abandonment. This is often because if the customer does not even try to complete the 3DS challenge, their transaction is not sent to be processed and may therefore not appear in reports provided by the PSP by default. Merchants may also assume that transactions that failed 3DS must be fraudulent – but this is not necessarily true.
By understanding the full funnel, the merchant will understand the true costs to their business, and which stages they are losing their customers. Once the merchant quantifies the transactions they are losing, they will be able to direct efforts to reduce the number of declined transactions.
Why merchants hold the PSD2 cards, and why delegated authentication is a great strategy for merchants who prioritise customer needs and payment expectations?
The biggest revenue uplift merchants can achieve under PSD2 is to optimise their exemption strategy.
Delegated authentication can also be a great strategy for merchants, who for example have a high AOV (over the €250 threshold), and repeat customers. With delegated authentication, the merchant gains control over the form of authentication and can avoid 3DS on every transaction. To use delegated authentication the participating merchant’s fraud rate must be below 13 bps to join the programme, and once they are on the programme it must remain below 8bps.
By opting for delegated authentication, merchants gain control over the full user experience, ensuring that customers can enjoy seamless experiences and in turn will reduce cart abandonments caused by 3DS, but again, it is essential for merchants to ensure that their fraud rate is very low in order to take advantage of this option.