Now that the first draft of the proposed PSD3 regulation has been released, PSD3, in its current guise, raises several questions around its impact on online credit card payments, fraud, and conversion rates.
Galit Shani Michel, VP Payments, Forter writes for Payment Expert exploring this impact and what the future looks like with PSD3.
1 – Bringing order to data sharing
PSD3 appears to be heavily focused on data sharing, which is a great sign. Increasing the inter-communication between banks, processors, PSPs, merchants, and the rest of the payments ecosystem will improve conversion rates. PSD3 will also enhance customer service, through streamlining the sharing of data to make risk decisions.
If banks can share more customer information, it will be easier for organisations to trust the right people and remove friction from every stage of the customer journey.
Many companies lose more money to false declines – rejected transactions from legitimate customers that have been declined out of an over-abundance of caution – than to deliberate fraud. False declines also have a significant impact on customer retention and loyalty, if customers who are declined consequently choose to shop elsewhere.
Therefore, ensuring that the sharing of data between organisations is as easy as possible should increase the number of approved legitimate transactions and drive down the rate of false declines.
2 – Supporting standardisation
Those outside the payments industry often find the lack of standardisation across our most basic data exchanges hard to believe. As a result, data is not optimised correctly, leading to a high number of rejected transactions. Something as minor as an incorrect use of capital letters in customer data can result in a transaction being declined.
This lack of standardisation means institutions format data in different ways, and therefore have differing expectations on how data should be shared.
This long-standing issue has become increasingly pressing since the introduction of PSD2 and the resulting uptake of frictionless 3DS, 3DS2. Whilst this can be beneficial for banks, merchants, and customers, a bank may stop 3DS2 from being used for a preventable reason. This could be the merchant not sharing something important, but non-mandatory, like an IP address.
Standardisation will address issues across the board, leading to improved customer experience and conversion rates. Whilst PSD3 likely won’t be implemented until 2026, it’s encouraging to see standardisation addressed at this stage.
3 – Enabling real provider choice
Because the payments ecosystem evolved organically, PSPs and processors often have unique processes and data formats. This can make it extremely difficult for merchants to consider switching from the format used by one provider to that used by another, or even exploring the option of using multiple providers.
Once again, this problem has been made more pressing by PSD2. Transaction Risk Analysis exemption thresholds, which determine whether 3DS can be circumnavigated, are impacted by a number of factors. One is the fraud rate of the acquiring bank in the last quarter. This will determine the access that merchants may have to different values within exemption thresholds i.e., no exemptions, up to €100, €250, or €500.
This is important. In instances where exemptions can be requested on transactions up to €250, but not €500, this can have a significant impact on the experience being offered to a merchant’s most valuable customers. If the acquiring bank’s fraud rate were to increase too much, exemptions would be removed completely, resulting in all transactions going through 3DS.
Increasing flexibility in terms of the solutions providers that can be utilised is key to improving the customer experience and increasing conversion rates. Whilst merchants will need to ask challenging questions of their providers, they can be confident in acting upon their data.
4 – Addressing a root cause of fraud
The complexities of sharing data, at scale, on known fraudsters within the payments ecosystem has long been an issue, making it harder to mitigate their impact. The proposed PSD3 framework makes this easier, enabling all parties within the ecosystem to make more informed decisions on how to prevent fraud.
Ultimately, this positively impacts companies’ revenue, and enables fraud teams to ensure legitimate transactions from trusted customers are accepted, and target increasingly sophisticated fraudster activity.
5 – 3DS: The big missed opportunity
Whilst the first proposal of PSD3 is largely promising, one area it fails to address is a big one: improving 3DS.
Although not mandated by PSD2, 3DS became the go-to mechanism for fulfilling the strong customer authentication requirement, and as such has become ubiquitous across Europe. It’s therefore surprising that its levels of accessibility haven’t been addressed with PSD3.
The number of personas excluded from using 3DS is far higher than it should be. PSD2 was designed to improve accessibility and inclusion in payments; yet the high friction levels for the elderly, digital nomads, or those who are not wholly comfortable with technology and shopping online, is concerning.
It is therefore frustrating to see that the opportunity to directly address 3DS within PSD3 hasn’t been taken.
PSD3 will enable increased trust online
Despite the absence of 3DS improvements in the first PSD3 proposal, there is a lot to be encouraged by. If data sharing is opened up, and standardised, it will make a huge difference in enabling all parties within the payments ecosystem to make more informed and accurate decisions about risk.