PSD2 – Why is Transaction Risk Analysis Important for PSPs?

September 04, 2017

PSD2 – Why is Transaction Risk Analysis Important for PSPs?

Worried about increasing levels of fraud, particularly in remote payments, the regulators have made fraud prevention a cornerstone of PSD2. The regulated use of Strong Customer Aut…

Sarah Rutherford by Sarah Rutherford
Fraud Protection & Compliance

Worried about increasing levels of fraud, particularly in remote payments, the regulators have made fraud prevention a cornerstone of PSD2. The regulated use of Strong Customer Authentication (SCA) by payment service providers (PSPs) to secure payments is laid out in the Regulatory Technical Standards for PSD2.

However, the use of SCA to secure every payment over €30 could cause problems for PSPs. It could impact the level of customer service they can offer by forcing them to add friction to the consumers’ payment process, forcing consumers to re-authenticate themselves using multiple factors at the point of payment.

There is a difficult balancing act between fraud reduction and customer experience. PSPs will be allowed to manage this balance by securing payments using transaction risk analysis (TRA) – as long as they can keep their fraud rates low enough (see the transaction value table from the regulatory technical standard, below).

PSD 2 transaction value chart

TRA is a method for identifying fraud by observing the behavior in the transaction by the counterparties involved (see our PSD2 Glossary definition). It is not a new method of fraud detection but PSD2 strengthens the use case for TRA, particularly when it can be deployed in real time.

Why should PSPs secure payments using TRA?

  • It will help them retain customers and attract new ones. TRA happens in real time but is invisible to the customer, therefore it does not add friction to the customer journey. To keep customers happy and retain them, PSPs must reduce friction to a minimum, and TRA can help them to do this.
  • It could save them money. SCA requires authentication using a minimum of two factors, each of these must be from a different category:
    • Inherence – something you are (e.g., a biometric)
    • Possession – something you have (e.g., a device)
    • Knowledge – something you know (e.g., a password)
Understanding when TRA can be used and also how transaction risk monitoring is needed for PSD2 is complex. For more information to help you build your strategy for using SCA and TRA, read our executive brief PSD2 and Transaction Risk Analysis: Why It’s Important to You.

As SCA cannot be avoided completely, PSPs will need to have solutions to deliver these factors in place. However, pricing for these solutions is often based on usage – there may even be a per-check charge. Using TRA whenever possible could help drive down the cost of authenticating payments under PSD2.

Join our webinar “Are Your Fraud Operations Ready for PSD2?” on November 2.

related posts

popular posts
What Is Authorised Push Payment Fraud?
popular posts
5 Keys to Using AI and Machine Learning in Fraud Detection
popular posts
What Is a Cybersecurity Posture?
popular posts
Average U.S. FICO Score Hits New High
popular posts
How to Build Credit Risk Models Using AI and Machine Learning

ICYMI: The @FICO webinar on the effect of #government #regulatory and #COVID19 issues on the #collections industry,… https://t.co/aOKa09sgGz

2 hours ago

#Supplychains keep the world economy in motion. #Decisions are required in nearly every industry dealing with physi… https://t.co/q620KC7c0j

6 hours ago

You're invited to join us for a @FICO Virtual Event: Building #Resiliency – Adapting to the Challenges of Today.… https://t.co/a4zc3Ddf3I

15 hours ago