The Clearsale Blog

How PSD2 may ripple across the sea

How PSD2 may ripple across the sea

PSD2, Europe’s new set of online payment security rules, was supposed to have a ripple effect on U.S.-based merchants when it took effect in September 2019. However, a delay in full enforcement of the new standards until the end of 2020 has given US companies more time to figure out whether they’re required to comply and if so, how to do so. Here’s what U.S.-based merchants who sell into the EU need to know now.

Implications for merchants

PSD2 (Payment Services Directive 2) applies to the European Economic Area (the EU countries plus Norway, Iceland and Liechtenstein). Like GDPR and EMV, PSD2 may affect players outside the area where it’s implemented, although in the case of PSD2, the exact impacts and requirements for merchants outside the EEA are not yet clear.

One of PSD2’s provisions of is a requirement that CNP transactions use Strong Customer Authentication (SCA). SCA is like two-factor authentication because it requires extra proof of identification during an order. For example, a customer making a CNP purchase from a site using SCA might have to provide a PIN or password plus either a fingerprint or face scan and a validated card or mobile device. 

So a customer who enters the CVV for their credit card might also have to enter a code provided by their bank app, to prove it’s not a fraudster paying with stolen card data. To further protect cardholders, the authentication code would become invalid if either the payee or the order amount changed before the order was submitted. 

Delayed enforcement

As with EMV adoption in the U.S., some merchants and banks in the EEA were unable to update their systems in time to comply with the original September 2019 deadline. Officials hope the extra time will allow most banks and merchants to complete the transition at a similar pace, to avoid creating a situation in which some payees are protected by SCA while others remain vulnerable to the types of fraud it’s intended to prevent. 

US merchants and compliance

The enforcement delay in Europe also gives merchants outside the EEA time to review PSD2 and see if they’re required to comply, and think about whether they want to adopt SCA even if it’s not required. It’s possible that some US-based companies that sell into the EEA will also be subject to the rule, especially those whose customers are using cards issued in the EEA.

Why the uncertainty? The PSD2 allows some exemptions to the SCA requirement for CNP transactions, and one of those exemptions is when either the card issuer or the merchant in a transaction is based outside the EEA. However, PSD2 also gives card issuers final say in whether to exempt a transaction from SCA requirements. 

So it’s possible to envision a situation in which a customer inside the EEA places an order using a card issued by a bank inside the EEA to make a purchase on a U.S.-based merchant’s website. If that merchant doesn’t require SCA and the card issuer doesn’t grant the exemption, the merchant will lose the sale. 

PSD2 impacts 

Besides the risk to merchants of losing orders for not using SCA, it’s possible that there will be other impacts on merchants, too. The first is cart abandonment. Rates may rise if customers balk at the additional steps required to check out. 

There’s no question that the extra customer authentication requirements will make CNP transactions more secure. But added steps make it more likely that customers will simply give up. “Too long/complicated checkout process” was the third most common reason U.S. consumers gave Baymard Institute researchers who were studying cart abandonment. If SCA becomes a standard requirement for all CNP transactions, then consumers will adapt. However, inconsistent SCA requirements could drive shoppers toward sites with less secure but faster checkouts.

Another risk related to PSD2 is the potential for more CNP fraud attacks against merchants in markets where PSD2’s SCA requirements are not in effect, such as the U.S. Just as fraudsters focused heavily on CNP fraud after EMV adoption made point-of-sale card fraud much more difficult, organized criminals will likely seek out less protected targets once PSD2’s SCA rules are fully enforced in 2021. Again, the solution here seems to be widespread adoption of SCA or an equally robust alternative.

PSD2 compliance

EMV 3D Secure (and other similar security protocols) meets SCA standards. It does so by sharing customer data with the cardholder’s bank so the bank can score the order’s risk level and ask the customer for more information if needed. Merchants can also use a payment service provider that complies with SCA requirements, because PSPs are the parties responsible for SCA implementation. 

US-based merchants who sell into Europe, or who plan to in the next few years, should use this year to understand how PSD2 may affect their specific business. Depending on their current checkout security protocols and whether their PSP supports SCA, they may not need to do anything new. But if they need to make changes to become more secure for the European market, now is the time to begin.

Original article at: https://www.mobilepaymentstoday.com/blogs/how-psd2-may-ripple-across-the-sea/

You may also like

Merchant Fraud Journal’s 2021 Trends Report

Merchant Fraud Journal’s 2021 Trends Report

How can merchants anticipate, prevent, and address new fraud tactics in the coming year?

Unify Customer Data for Better Marketing, CX and Fraud Prevention

Unify Customer Data for Better Marketing, CX and Fraud Prevention

Learn how unified data gives you a single view of your customers for your marketing and fraud control teams.

Is your e-commerce store getting the most value from the data you collect? Ideally,..

Consumer Attitudes and Behaviors Are Shaping the Future of Retail

Consumer Attitudes and Behaviors Are Shaping the Future of Retail

To survive the current global economic downturn caused by the coronavirus pandemic, retailers need to fully accept mobile device shopping. To succeed, the e-commerce industry needs to learn about..

What Ecommerce Fraud Issues Will Retailers Face in 2021?

What Ecommerce Fraud Issues Will Retailers Face in 2021?

After a year like no other, merchants and their customers are looking forward to the possibility of some return to normalcy in 2021. However, some of the fraud trends we saw in 2020 will be with..

What Can Your Brand Do With Social Video Marketing Now?

What Can Your Brand Do With Social Video Marketing Now?

Both B2C and B2B brands can drive engagement and conversions from social video marketing. Here's how.

How can businesses use social video now? For both B2C and B2B brands, the short answer is..

A Two-Tiered Approach to Fraud Prevention Can Help Online Businesses Boost Sales

A Two-Tiered Approach to Fraud Prevention Can Help Online Businesses Boost Sales

Every online merchant understands the financial harm that fraud can do, including chargeback fees, higher payment processing rates, lost product, and other costs like shipping, marketing and fraud..

Analyze Your Holiday 2020 Fraud Data Now to Prep For Holiday 2021

Analyze Your Holiday 2020 Fraud Data Now to Prep For Holiday 2021

With the 2020 winter holidays in the books, ecommerce merchants are planning for the 2021 holiday sales season. That planning should include a review of your store’s 2020 holiday fraud-prevention..

What Merchants Need to Know About BNPL Options

What Merchants Need to Know About BNPL Options

Buy Now Pay Later (BNPL) is continuing to grow throughout Australia among retailers and beyond.

Report Finds More Than Half of Consumers Not Concerned About Online Fraud

Report Finds More Than Half of Consumers Not Concerned About Online Fraud

In a study to determine the effects a global pandemic had on consumer behavior and attitudes toward e-commerce, researchers found at least 20 percent of the increases e-commerce merchants realized..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog