The revised Payment Services Directive (PSD2) has successfully cut down on fraud in the EU and British markets by as much as 40 percent, according to one estimated bandied about at the MRC Barcelona conference last month in Spain. However, this benefit has been outweighed by the cost of implementation and the impact on customer conversion rates. How merchants have dealt with this added PSD2 friction was one of the major topics of discussion at the conference.
PSD2 is a regulatory framework implemented by the European Union to promote competition and innovation in the payment industry. In addition to promoting competition and innovation, the PSD2 directive also emphasizes the importance of strong customer authentication (SCA) for electronic payments. SCA requires customers to provide at least two forms of authentication, such as a password, biometric data, or a unique code sent to their mobile device, ensuring enhanced security and protecting customers against unauthorized transactions. This measure aims to reduce fraud and increase consumer confidence in digital payment services within the European Union.
Poor timing reduces merchant attendance
Over 600 people took part in the MRC Barcelona trade show and conference over three days from May 29-31. Organized by the Merchant Risk Council (MRC), the event was smaller than the organization’s flagship Las Vegas show in March but more focused on the issues pertinent to European markets.
Foot traffic was relatively light in the exhibition hall, as some merchants elected not to attend this year due to a British bank holiday on Monday, May 29, which was also a holiday in many other European countries due to Pentecost. However, for those that did attend, certain topics clearly resonated.
Finding ways around 3DS 2.0 and SCA
“Merchant frustration and resignation around 3DS2 felt like a strong, recurring theme at the show,” said Justin Benson, CEO of Spreedly, a payment orchestration platform.
3DS 2.0 is a two-factor authentication solution widely used by European merchants to comply with the SCA requirement of PSD2. It was blamed at the conference and elsewhere for significantly increasing the time it takes European customers to complete a transaction at checkout – friction that leads to cart abandonment.
“3DS 2.0 has on average a 60 second time to completion,” said Renan Renner, Product Lead for Authentication at Adyen, at one of the educational panels at the conference. Meanwhile, the average time it takes a European to complete a checkout is 3.3 minutes, according to Stripe’s State of European Checkouts in 2022 Report. Stripe also claims that 62 percent of customers will abandon a checkout that takes longer than two minutes.
Clearly, European merchants have a problem with customer friction on their hands.
Unsurprisingly, the MRC’s 2023 Global Payments and Fraud Survey Report discussed at the conference showed that there has been a significant increase in the use of SCA exemptions allowed under PSD2 by European merchants as a means of reducing the cost of PSD2 in terms of reduced conversion rates over the past year or two.
Merchants also discussed other sorts of solutions to their PSD2 woes.
“Three things that I was hearing a lot about at the MRCs European conference in Barcelona this year were authentication, payment orchestration and optimization,” said the head of payments of a merchant in the telecommunications industry. “As a result of PSD2 all Europeans transacting online should now be very familiar with 2FA. But it has been a bumpy ride to where we are today and as a result of that, delegated authentication was discussed both in the sessions and the hallways of the conference center.”
Delegated authentication is seen as alternative way to increase security compared to traditional two-factor authentication, while improving the user authentication experience leading to higher conversion rates. It enables SCA-compliant transactions without purchasers being redirected to issuers apps or websites from the merchant’s site or having to enter a one-time passcode.
Payment orchestration is hot
Beyond PSD2, SCA and customer authentication concerns, payment orchestration was also a topic of interest for merchants with a number of sessions dedicated to it, as well as many conversations at the event.
“’This is like a few years ago when all anyone could talk about was digital wallets’ was one comment I overheard that seemed to capture the sentiment,” said Spreedly CEO Justin Benson.
Payment orchestration platforms (POPs) are software solutions that provide a centralized hub for processing payments. By integrating with various payment service providers (PSPs), these platforms give retailers the ability to offer their customers a variety of payment options while simplifying the back-end payment process. This results in a faster, more seamless payment experience for customers and helps to increase conversions for retailers.
First party fraud/misuse up as economy goes down
Major fraud trends discussed this year at the conference included account takeovers (ATO) bot attacks, and first party fraud. The first two are a continuation of trends from recent years, but first-party fraud has been given a real impetus from the economic slowdown affecting much of the globe.
“First party fraud has become a big issue, primarily due to the global cost of living crisis, consumers are having to make difficult decisions and the lines of what is acceptable and what is fraudulent are becoming blurred for some people,” said Steve Goddard, a fraud subject matter expert from the solution vendor Featurespace.
No predominant vendor trend
In terms of vendor solutions this year, no single, clear trend was uniformly identified by merchants or vendors.
On the payments side, some people pointed to the increased presence of payment orchestrators, who are adding more and more connected services to their platforms, as one notable trend.
On the fraud side, some merchants and vendors reported that conversations heavily revolved around data that could add significant value to machine learning-based solutions, such as device, IP resolution and behavioral insight data.
The buying and selling of fraud and payment solutions didn’t seem like a focus for most attendees at the trade show.
For many, the main benefit of the conference was the opportunity it afforded merchants, issuers, acquirers and solution vendors to all meet and find better ways to cooperate together against fraudsters.
“Everyone needs to work together and that’s one of the great things MRC does,” said Goddard. “The criminals are not just lone wolves in hoodies. They are better organized than we are.”