Worried about increasing levels of fraud, particularly in remote payments, the regulators have made fraud prevention a cornerstone of PSD2. The regulated use of Strong Customer Authentication (SCA) by payment service providers (PSPs) to secure payments is laid out in the Regulatory Technical Standards for PSD2.
However, the use of SCA to secure every payment over €30 could cause problems for PSPs. It could impact the level of customer service they can offer by forcing them to add friction to the consumers’ payment process, forcing consumers to re-authenticate themselves using multiple factors at the point of payment.
There is a difficult balancing act between fraud reduction and customer experience. PSPs will be allowed to manage this balance by securing payments using transaction risk analysis (TRA) – as long as they can keep their fraud rates low enough (see the transaction value table from the regulatory technical standard, below).
TRA is a method for identifying fraud by observing the behavior in the transaction by the counterparties involved (see our PSD2 Glossary definition). It is not a new method of fraud detection but PSD2 strengthens the use case for TRA, particularly when it can be deployed in real time.
Why should PSPs secure payments using TRA?
- It will help them retain customers and attract new ones. TRA happens in real time but is invisible to the customer, therefore it does not add friction to the customer journey. To keep customers happy and retain them, PSPs must reduce friction to a minimum, and TRA can help them to do this.
- It could save them money. SCA requires authentication using a minimum of two factors, each of these must be from a different category:
- Inherence – something you are (e.g., a biometric)
- Possession – something you have (e.g., a device)
- Knowledge – something you know (e.g., a password)
Understanding when TRA can be used and also how transaction risk monitoring is needed for PSD2 is complex. For more information to help you build your strategy for using SCA and TRA, read our executive brief PSD2 and Transaction Risk Analysis: Why It’s Important to You.
As SCA cannot be avoided completely, PSPs will need to have solutions to deliver these factors in place. However, pricing for these solutions is often based on usage – there may even be a per-check charge. Using TRA whenever possible could help drive down the cost of authenticating payments under PSD2.