The Clearsale Blog

How PSD2 may ripple across the sea

How PSD2 may ripple across the sea

PSD2, Europe’s new set of online payment security rules, was supposed to have a ripple effect on U.S.-based merchants when it took effect in September 2019. However, a delay in full enforcement of the new standards until the end of 2020 has given US companies more time to figure out whether they’re required to comply and if so, how to do so. Here’s what U.S.-based merchants who sell into the EU need to know now.

Implications for merchants

PSD2 (Payment Services Directive 2) applies to the European Economic Area (the EU countries plus Norway, Iceland and Liechtenstein). Like GDPR and EMV, PSD2 may affect players outside the area where it’s implemented, although in the case of PSD2, the exact impacts and requirements for merchants outside the EEA are not yet clear.

One of PSD2’s provisions of is a requirement that CNP transactions use Strong Customer Authentication (SCA). SCA is like two-factor authentication because it requires extra proof of identification during an order. For example, a customer making a CNP purchase from a site using SCA might have to provide a PIN or password plus either a fingerprint or face scan and a validated card or mobile device. 

So a customer who enters the CVV for their credit card might also have to enter a code provided by their bank app, to prove it’s not a fraudster paying with stolen card data. To further protect cardholders, the authentication code would become invalid if either the payee or the order amount changed before the order was submitted. 

Delayed enforcement

As with EMV adoption in the U.S., some merchants and banks in the EEA were unable to update their systems in time to comply with the original September 2019 deadline. Officials hope the extra time will allow most banks and merchants to complete the transition at a similar pace, to avoid creating a situation in which some payees are protected by SCA while others remain vulnerable to the types of fraud it’s intended to prevent. 

US merchants and compliance

The enforcement delay in Europe also gives merchants outside the EEA time to review PSD2 and see if they’re required to comply, and think about whether they want to adopt SCA even if it’s not required. It’s possible that some US-based companies that sell into the EEA will also be subject to the rule, especially those whose customers are using cards issued in the EEA.

Why the uncertainty? The PSD2 allows some exemptions to the SCA requirement for CNP transactions, and one of those exemptions is when either the card issuer or the merchant in a transaction is based outside the EEA. However, PSD2 also gives card issuers final say in whether to exempt a transaction from SCA requirements. 

So it’s possible to envision a situation in which a customer inside the EEA places an order using a card issued by a bank inside the EEA to make a purchase on a U.S.-based merchant’s website. If that merchant doesn’t require SCA and the card issuer doesn’t grant the exemption, the merchant will lose the sale. 

PSD2 impacts 

Besides the risk to merchants of losing orders for not using SCA, it’s possible that there will be other impacts on merchants, too. The first is cart abandonment. Rates may rise if customers balk at the additional steps required to check out. 

There’s no question that the extra customer authentication requirements will make CNP transactions more secure. But added steps make it more likely that customers will simply give up. “Too long/complicated checkout process” was the third most common reason U.S. consumers gave Baymard Institute researchers who were studying cart abandonment. If SCA becomes a standard requirement for all CNP transactions, then consumers will adapt. However, inconsistent SCA requirements could drive shoppers toward sites with less secure but faster checkouts.

Another risk related to PSD2 is the potential for more CNP fraud attacks against merchants in markets where PSD2’s SCA requirements are not in effect, such as the U.S. Just as fraudsters focused heavily on CNP fraud after EMV adoption made point-of-sale card fraud much more difficult, organized criminals will likely seek out less protected targets once PSD2’s SCA rules are fully enforced in 2021. Again, the solution here seems to be widespread adoption of SCA or an equally robust alternative.

PSD2 compliance

EMV 3D Secure (and other similar security protocols) meets SCA standards. It does so by sharing customer data with the cardholder’s bank so the bank can score the order’s risk level and ask the customer for more information if needed. Merchants can also use a payment service provider that complies with SCA requirements, because PSPs are the parties responsible for SCA implementation. 

US-based merchants who sell into Europe, or who plan to in the next few years, should use this year to understand how PSD2 may affect their specific business. Depending on their current checkout security protocols and whether their PSP supports SCA, they may not need to do anything new. But if they need to make changes to become more secure for the European market, now is the time to begin.

Original article at: https://www.mobilepaymentstoday.com/blogs/how-psd2-may-ripple-across-the-sea/

You may also like

ClearSale Wins Comparably Awards for Best Work-Life Balance and Happiest Employees

ClearSale Wins Comparably Awards for Best Work-Life Balance and Happiest Employees

Fraud protection leader recognized by career site for a second time this year

ClearSale Becomes Shopify Plus Certified App Program Partner

ClearSale Becomes Shopify Plus Certified App Program Partner

The fraud protection leader has been selected as a premier app provider for the highly regarded commerce platform.

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Account takeover fraud is a huge problem, but most US consumers don’t know about it. Only 36% of US consumers say they are familiar with account hijacking fraud, even though it’s one of the..

U.S. shoppers say they'll trade privacy (but not convenience) for better ecommerce fraud protection

U.S. shoppers say they'll trade privacy (but not convenience) for better ecommerce fraud protection

As more consumer spending shifts to e-commerce, merchants need to strike a balance between fraud protection and customer experience. A recent survey just before business closures swept the U.S...

What does effective B2C marketing look like now? Messaging is only part of the story.

What does effective B2C marketing look like now? Messaging is only part of the story.

As more consumers shop online, many companies are pivoting their marketing strategies to focus on digital channels. But smart marketing now requires more than simply reallocating resources for..

ClearSale and BigCommerce Partner to Prepare E-Commerce Merchants for the Holidays

ClearSale and BigCommerce Partner to Prepare E-Commerce Merchants for the Holidays

Fraud protection leader joins e-commerce platform powerhouse to help merchants accentuate customer experience while preventing fraud this seasonMIAMI, FL (September 11, 2020) -- Global fraud..

Survey: Men Experience More Online Shopping Fraud

Survey: Men Experience More Online Shopping Fraud

Male shoppers are more likely to experience online shopping fraud than female shoppers. New research from ClearSale of over a thousand U.S. consumers that shop online at least once every few..

The Four Ways Fraudsters Try to Snag Online Shoppers - and How You Can Avoid Them

The Four Ways Fraudsters Try to Snag Online Shoppers - and How You Can Avoid Them

The COVID-19 pandemic has got more Australians shopping online, leaving them increasingly vulnerable to scammers poised to take advantage. Understanding the four key ways these fraudsters can..

Canadians Concerned About Fraud when Shopping Online: Survey

Canadians Concerned About Fraud when Shopping Online: Survey

A new survey suggests Canadians are much more concerned about the safety of online shopping compared with consumers in the United States.

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog