In an earlier blog I wrote that NOW is the right time for payment service providers to prepare their fraud operations for PSD2. But when the exact nature of the law is still being decided and the consequences of PSD2 are still unclear, where should you start?
Here are three areas that can be considered now to build the foundations for the future development of your fraud operations under PSD2.
- Understand the role Transaction Risk Analysis and Transaction Risk monitoring will play for your fraud operations. All payment service providers will need to use Transaction Risk Monitoring to deliver the reporting required by the regulation. PSD2 sets out specific parameters in reference to fraud rates that must be reported against. PSPs must take care that these are understood and that they have the technology in place to report against them, for each payment mechanism.Any PSP looking to secure payments using Transaction Risk Analysis instead of Strong Customer Authentication also needs to understand the applicable parts of the PSD2 Regulatory Technical Standard and how it applies to their fraud operations. This will be different for each PSP and it’s likely you will want to optimise your fraud rates (fraud basis points) for each payment mechanism to make the most of relevant exemptions.
- Prepare to communicate with your customers On the face of it, you may think that communication with customers is not part of the fraud function, and to a certain extent that’s correct. Going by the recent letter I got from my bank, communications teams are already updating bank account T’s and C’s and sending letters to customers about the changes to payments that will soon be law.For the fraud manager it’s important to consider what happens within a payment process, and how two-way communication can help to get a transaction stalled by the need for more authentication, or because of fraud concerns back on track. When PSD2 is implemented the need for Strong Customer Authentication is likely to mean more disruption to customers when they make a payment or manage their account. The better a PSP manages the interaction, the less disruption it will cause to their customers and the more it will help with customer retention.
- Consider the technologies you’ll need to support you. PSD2 means an unprecedented level of change in payments process and disruption to your fraud operations. The advent of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) will change the behavioural data you have access to, as this is the data that underlies your fraud models is now the time to consider introducing artificial intelligence and adaptive analytics capabilities that can make your fraud models responsive to what is likely to be a prolonged period of upheaval.
Here's one of our fraud experts, Brian Kinch, talking about first steps for PSD2.