PSD2 – Why is Transaction Risk Analysis Important for PSPs?

Worried about increasing levels of fraud, particularly in remote payments, the regulators have made fraud prevention a cornerstone of PSD2. The regulated use of Strong Customer Aut…

AdobeStock_143744132@2x.jpeg
Sarah Rutherford by Sarah Rutherford

expand_less Back To Top

Fraud Protection & Compliance

Worried about increasing levels of fraud, particularly in remote payments, the regulators have made fraud prevention a cornerstone of PSD2. The regulated use of Strong Customer Authentication (SCA) by payment service providers (PSPs) to secure payments is laid out in the Regulatory Technical Standards for PSD2.

However, the use of SCA to secure every payment over €30 could cause problems for PSPs. It could impact the level of customer service they can offer by forcing them to add friction to the consumers’ payment process, forcing consumers to re-authenticate themselves using multiple factors at the point of payment.

There is a difficult balancing act between fraud reduction and customer experience. PSPs will be allowed to manage this balance by securing payments using transaction risk analysis (TRA) – as long as they can keep their fraud rates low enough (see the transaction value table from the regulatory technical standard, below).

PSD 2 transaction value chart

TRA is a method for identifying fraud by observing the behavior in the transaction by the counterparties involved (see our PSD2 Glossary definition). It is not a new method of fraud detection but PSD2 strengthens the use case for TRA, particularly when it can be deployed in real time.

Why should PSPs secure payments using TRA?

  • It will help them retain customers and attract new ones. TRA happens in real time but is invisible to the customer, therefore it does not add friction to the customer journey. To keep customers happy and retain them, PSPs must reduce friction to a minimum, and TRA can help them to do this.
  • It could save them money. SCA requires authentication using a minimum of two factors, each of these must be from a different category:
    • Inherence – something you are (e.g., a biometric)
    • Possession – something you have (e.g., a device)
    • Knowledge – something you know (e.g., a password)
Understanding when TRA can be used and also how transaction risk monitoring is needed for PSD2 is complex. For more information to help you build your strategy for using SCA and TRA, read our executive brief PSD2 and Transaction Risk Analysis: Why It’s Important to You.

As SCA cannot be avoided completely, PSPs will need to have solutions to deliver these factors in place. However, pricing for these solutions is often based on usage – there may even be a per-check charge. Using TRA whenever possible could help drive down the cost of authenticating payments under PSD2.

Join our webinar “Are Your Fraud Operations Ready for PSD2?” on November 2.

Sarah Rutherford
Sarah Rutherford
Sarah Rutherford manages solutions marketing for FICO's fraud, cybercrime and compliance business. Sarah is on a mission to help organizations understand more about the fraud and financial crime challenges they face and introduce them to better ways to fight the bad guys. Having worked as a marketing professional in the IT sector for almost 20 years, Sarah joined FICO following six years at Experian. An enthusiastic blogger, Sarah has blogged about subjects as diverse as identity management, fraud and cybersecurity, payments, women in the workplace and motivational sayings that are irritating!
See all Posts
chevron_leftBlog Home
Fraud fraud management psd2 Regulation regulatory compliance Retail Banking

Related posts

Popular Posts

Take the next step

Connect with FICO for answers to all your product and solution questions. Interested in becoming a business partner? Contact us to learn more. We look forward to hearing from you.

Contact us