Posts

Are consumers ready for PSD2 (and SCA)?

In my previous articles, I mainly discussed what PSD2 and SCA will mean for businesses. However, all of these developments are and will continue impacting consumers and customer experiences in various ways. In this article, I’d like to shine a light on how these changes will affect consumers.

In a nutshell. the newly revised Payment Services Directive (PSD2) is aimed at improving financial data management. The European Union wants consumers to be in charge of their financial data. Alongside this noble intention, the aim is also to increase competition and foster innovation within the financial sector. Still, do consumers even know what is going on?

Do consumers know what is going on?

While banks and businesses will do their best to make the transition to PSD2 and SCA as smooth as possible, it is true that consumer awareness regarding the pending changes isn’t very high.

Some countries are trying their best to inform and prepare their citizens. In the summer of 2019, Banking & Payment Federation Ireland (BPFI) launched two awareness campaigns in order to alert consumers regarding the possible effects of PSD2 and SCA.

Across Europe, consumers also feel quite differently regarding the changes. For example, the Dutch consider safety when shopping online to be less important than other Europeans. Consequently, in the Netherlands, 52% of consumers are comfortable with sharing biometric data like fingerprints, compared to just 31 per cent in the rest of Europe. Moreover, whereas the Dutch (50%) see speed and convenience as the most important factor when shopping online, the French (62%) and Germans (61%) feel online safety is most important. Research by financial services provider GoCardless has shown this to be the case.

#1 PSD2 will improve the banking experience

As banks share customer data with FinTechs, expect to see an increase and improvement in mobile apps or online services geared towards financial management.

Soon, a customer with accounts at two or three different banks, will be able to use a third party app that sources information from these financial institutions. Third party apps will also be allowed to manage the users bank accounts and make payments on their behalf.

For many consumers, PSD2 will lead to more choice in terms of services, better financial insights and easier financial management.

#2 PSD2 will deteriorate the online checkout experience

A critical part of PSD2 is the introduction of Strong Customer Authentication (SCA). This means that consumers will need to authenticate themselves at checkout by presenting two of the three following elements:

● Something they know (passphrase)
● Something they own (devices)
● Something they are (biometrics)

An online shopper, after logging into the webshop with her password and proceeding to checkout, will be challenged by the bank to authenticate herself via something she owns or something she is. A previously quick checkout experience, suddenly requires the user to take extra steps. In other words, SCA adds friction at checkout and in many cases, friction will lead to cart abandonment.

Still, some lucky businesses, granted they meet certain requirements, will be able to apply for exemptions and offer consumers frictionless flow.

Strong Customer Authentication Alphacomm Solutions

#3 PSD2 will increase privacy concerns

This is the big one. We’re living in an age in which consumers and their government representatives have become more aware of the dangers of data sharing. As with all matters of data sharing, there are many benefits to the consumer, but there’s always that risk of losing control. In the past, data has been shared, bought and sold with wanton abandon. Has the EU done enough to address these fears?

Personal financial data as price of admission?
Ideally, PSD2 opens up the market to allow new startups to launch innovative products that improve the lives of all consumers. Some of these companies will be very strict, adhere to all the rules and never try to gain an unfair advantage through the exploitation of data.

Still, there is also the fear that larger or less honest corporations that provide must-have goods or services, will leverage their popularity (power) in a way that consumers will find themselves handing over their data in order to gain access or receive discounts.

Here is a fictional example: what if a new version of the most popular mobile phone on the market would come at a €200 discount? In return, you’d need to grant access to your bank account, in order for the store to perform a credit check.

Or another one: what if a bigger, better and badder Game of Thrones sequel was only viewable through a popular streaming service’s ‘premium tier’? As a consumer, would you get premium in order to watch the show everybody else can’t stop talking about?

There are benefits to the consumer. By analysing financial patterns alongside viewing patterns, they could indeed make better recommendations or even produce better shows. Is this worth it to you? Like it or not, it will definitely be worth it to many.

Complicated cross-border spats?
European consumers are increasingly shopping across the border. Many don’t always know where businesses are based. If something were to happen, taking (legal) action against a business in another European country other than your own might prove to be a very difficult challenge for most consumers.

Two degrees of separation?
Lastly, the more data consumers share, the less control they have over their privacy. It is even possible for one person’s lack of privacy to affect another person’s data. Even if a particular consumer is totally against sharing financial data, her data isn’t 100% private. Simply transferring funds to a friend, who does share financial data with third parties, can already be enough.

_______________________________________________

In conclusion, personal data, though aggregated and anonymized, can lead to serious consequences when in the wrong hands. However, it can also enrich society and improve the lives of millions in countless ways.

Luckily, companies that want to participate in this open banking system will need to undergo screenings, acquire permits from the central banks of the countries in which they want to operate in and be accountable to various local authorities.

At Alphacomm Solutions, integrity and security are values we hold dear. We have been fighting fraud and securing payments for over 20 years. Looking for advice on how to prepare for PSD2 and SCA? Get in touch with us today.

 

About the author

Joep van Doornik – Payment Solutions
Product Owner

I’m Joep van Doornik, Product Owner at Alphacomm. I make sure that our services remain cutting edge.


Related articles
Automatic Top-Up - Alphacomm Solutions - Reloads

Are consumers ready for PSD2 (and SCA)?

In my previous articles, I mainly discussed what PSD2 and SCA will mean for businesses. However, all of these developments are and will continue impacting consumers and customer experiences in various ways. In this article, I’d like to shine a light on how these changes will affect consumers.

In a nutshell. the newly revised Payment Services Directive (PSD2) is aimed at improving financial data management. The European Union wants consumers to be in charge of their financial data. Alongside this noble intention, the aim is also to increase competition and foster innovation within the financial sector. Still, do consumers even know what is going on?

Do consumers know what is going on?

While banks and businesses will do their best to make the transition to PSD2 and SCA as smooth as possible, it is true that consumer awareness regarding the pending changes isn’t very high.

Some countries are trying their best to inform and prepare their citizens. In the summer of 2019, Banking & Payment Federation Ireland (BPFI) launched two awareness campaigns in order to alert consumers regarding the possible effects of PSD2 and SCA.

Across Europe, consumers also feel quite differently regarding the changes. For example, the Dutch consider safety when shopping online to be less important than other Europeans. Consequently, in the Netherlands, 52% of consumers are comfortable with sharing biometric data like fingerprints, compared to just 31 per cent in the rest of Europe. Moreover, whereas the Dutch (50%) see speed and convenience as the most important factor when shopping online, the French (62%) and Germans (61%) feel online safety is most important. Research by financial services provider GoCardless has shown this to be the case.

#1 PSD2 will improve the banking experience

As banks share customer data with FinTechs, expect to see an increase and improvement in mobile apps or online services geared towards financial management.

Soon, a customer with accounts at two or three different banks, will be able to use a third party app that sources information from these financial institutions. Third party apps will also be allowed to manage the users bank accounts and make payments on their behalf.

For many consumers, PSD2 will lead to more choice in terms of services, better financial insights and easier financial management.

#2 PSD2 will deteriorate the online checkout experience

A critical part of PSD2 is the introduction of Strong Customer Authentication (SCA). This means that consumers will need to authenticate themselves at checkout by presenting two of the three following elements:

● Something they know (passphrase)
● Something they own (devices)
● Something they are (biometrics)

An online shopper, after logging into the webshop with her password and proceeding to checkout, will be challenged by the bank to authenticate herself via something she owns or something she is. A previously quick checkout experience, suddenly requires the user to take extra steps. In other words, SCA adds friction at checkout and in many cases, friction will lead to cart abandonment.

Still, some lucky businesses, granted they meet certain requirements, will be able to apply for exemptions and offer consumers frictionless flow.

Strong Customer Authentication Alphacomm Solutions

#3 PSD2 will increase privacy concerns

This is the big one. We’re living in an age in which consumers and their government representatives have become more aware of the dangers of data sharing. As with all matters of data sharing, there are many benefits to the consumer, but there’s always that risk of losing control. In the past, data has been shared, bought and sold with wanton abandon. Has the EU done enough to address these fears?

Personal financial data as price of admission?
Ideally, PSD2 opens up the market to allow new startups to launch innovative products that improve the lives of all consumers. Some of these companies will be very strict, adhere to all the rules and never try to gain an unfair advantage through the exploitation of data.

Still, there is also the fear that larger or less honest corporations that provide must-have goods or services, will leverage their popularity (power) in a way that consumers will find themselves handing over their data in order to gain access or receive discounts.

Here is a fictional example: what if a new version of the most popular mobile phone on the market would come at a €200 discount? In return, you’d need to grant access to your bank account, in order for the store to perform a credit check.

Or another one: what if a bigger, better and badder Game of Thrones sequel was only viewable through a popular streaming service’s ‘premium tier’? As a consumer, would you get premium in order to watch the show everybody else can’t stop talking about?

There are benefits to the consumer. By analysing financial patterns alongside viewing patterns, they could indeed make better recommendations or even produce better shows. Is this worth it to you? Like it or not, it will definitely be worth it to many.

Complicated cross-border spats?
European consumers are increasingly shopping across the border. Many don’t always know where businesses are based. If something were to happen, taking (legal) action against a business in another European country other than your own might prove to be a very difficult challenge for most consumers.

Two degrees of separation?
Lastly, the more data consumers share, the less control they have over their privacy. It is even possible for one person’s lack of privacy to affect another person’s data. Even if a particular consumer is totally against sharing financial data, her data isn’t 100% private. Simply transferring funds to a friend, who does share financial data with third parties, can already be enough.

_______________________________________________

In conclusion, personal data, though aggregated and anonymized, can lead to serious consequences when in the wrong hands. However, it can also enrich society and improve the lives of millions in countless ways.

Luckily, companies that want to participate in this open banking system will need to undergo screenings, acquire permits from the central banks of the countries in which they want to operate in and be accountable to various local authorities.

At Alphacomm Solutions, integrity and security are values we hold dear. We have been fighting fraud and securing payments for over 20 years. Looking for advice on how to prepare for PSD2 and SCA? Get in touch with us today.

 

About the author

Joep van Doornik – Payment Solutions
Product Owner

I’m Joep van Doornik, Product Owner at Alphacomm. I make sure that our services remain cutting edge.


Related articles
Automatic Top-Up - Alphacomm Solutions - Reloads

Strong Customer Authentication Alphacomm Solutions

The truth about Strong Customer Authentication (SCA)

Strong Customer Authentication is coming and it arrives – bearing headaches – on September 14th 2019. The impending implementation of SCA is part of the revised Payment Services Directive (PSD2) that came into force on January 18th 2018. 

For a refresher on PSD2, check out our article ‘An explanation of the revised Payment Services Directive (PSD2).’

But what is SCA exactly?

The Revised Payment Services Directive (PSD2) outlines that payments are to be made more secure and that platforms need to be open for integration. SCA specifically, refers to the way in which payments are made more secure. As of September 14th, online shoppers will need to verify their identity by sharing two out of three required elements:

  • Something they know (password, pin, secret fact)
  • Something they own (phone, wearable, hardware token)
  • Something they are (fingerprint ID, facial ID, voice ID, retina scan)

Strong Customer Authentication Alphacomm Solutions

Up until this point, the standard tool used to verify the authenticity of online transactions was the 3D Secure 1.0 system (3DS1). To make this stronger form of authentication possible, an update of the 3D Secure system from 1.0 to 2.0 was necessary. So now, along with the introduction of SCA, card schemes are adopting 3DS2 in order to better comply with SCA.

Don’t get lost in the acronym jungle. It’s pretty clear once you see how they are all connected:

  • PSD2 ⇒ A directive outlining the general goal of open banking, data sharing and security
  • SCA ⇒ A requirement of PSD2, stating that two out of three elements are needed for authentication
  • 3DS2 ⇒ The authentication tool that makes compliance with SCA possible

 

SCA adds friction and hurts conversion

So what does SCA mean for business? SCA is amazing because it makes payments secure and gives businesses a leg up in the battle to eradicate fraud. However, you need to be aware of the drawbacks. SCA adds friction to the shopping experience. Users had just gotten the hang of online shopping and now they need to learn new tricks like using biometrics at checkout. There’s no way of avoiding it. European banks will be required to decline payments that don’t meet the SCA standard.

While we’re waiting for 3DS2, let’s look at 3DS1. In April 2019, Ravelin released a shocking report on the effects of 3D Secure. After analysing millions of global business transactions, they found that 22% of payments were lost as a result of using 3DS.

A study by 451 Research suggests the European economy is likely to miss out on €57 billion in the first twelve months after SCA comes into force.

 

SCA exemptions

Luckily, there are various exceptions to the rule. The following are the most common:

Transactions (partly) outside the EEA
For SCA to apply to international transactions, both countries (that of the user and the seller) need to be located within the EEA. In other words, a transaction between a user in the USA and a German eCommerce website is exempt from SCA. However, some European banks might choose to apply SCA anyway.

People often refer to PSD2, GDPR, SCA etc as European. However, Europe is not synonymous with the European Union and the Union doesn’t quite cover it either. SCA applies to all businesses operating within the European Economic Area (EEA). That’s the European Union, plus Iceland, Liechtenstein and Norway. Note that Switzerland is not part of the EEA.

Low transaction value
Moreover, transactions with a value under €30 are exempt from SCA.

Low transaction risk
Issuing banks or acquirers can apply for an exemption for low-risk payments on the basis of Transaction Risk Analysis (TRA). In order to be considered for the exemption, fraud rates for remote card payments need to be between one and six basis points.

Trusted beneficiaries
After completing a payment with SCA, users will increasingly be able to whitelist trusted merchants. The next time a purchase is made, SCA will be bypassed. Whitelisting will become more commonplace as more card issuers start supporting it.

Excluded / Out of scope

The following transactions are excluded from SCA as they fall outside the scope of the regulation:

  • MOTO: Transactions completed over the telephone or via mail order.
  • MIT: Merchant initiated transactions (MIT) like recurring payments or subscriptions.

Frictionless Flow Alphacomm Solutions

Frictionless flow and chargeback liability shift

The Payment Services Directive (PSD2) includes provisions that allow merchants to soften the blow of SCA to the consumer experience. One such provision is ‘frictionless flow.’

Frictionless flow allows SCA measures to be bypassed. In other words, eligible merchants will be able to offer their consumers a checkout experience without any added friction.

Frictionless flow can only be applied to transactions that meet certain criteria; the size of the purchase in relation to the fraud rate of the merchant (acquirer).

For example, for transactions up to €100, frictionless flow is allowed only if the fraud rate is less than 0.13%. For transactions up to €250 and €500, the fraud rate cap is set at 0.06% and 0.01% respectively.

Frictionless flow is very beneficial to eligible merchants as it minimises the risk of cart abandonment. However, the merchant is liable for any chargebacks that occur through frictionless flow.

Still, there is an exception. If and when an issuing bank does not trust a transaction and refuses to grant frictionless flow, the consumer is presented with an authentication challenge. If the consumer passes the challenge, the chargeback liability shifts towards the issuing bank.

 

What can businesses do to soften the blow?

The bottom line is that conversions affect, well, your bottom line. It is of utmost importance that visitors carry out their purchases as intended, regardless of the new authentication measures. To that end, the best thing you can do is be upfront about it.

Own it. Inform your users that you’re proud to offer a secure shopping experience. Tell your customers that checkout is as safe as it can be because of your adherence to the latest standards. Most of all, tell them early, don’t wait until they are at the checkout phase.

Certain payment methods are intrinsically (in and of themselves) SCA-proof, for example, Apple Pay and Google Pay. Both of which already combine the OWN and ARE elements. Using a payment method like Apple Pay therefore automatically reduces the perceived friction.

Finally, the best thing you can do is ally yourself with an expert in the field of payments. Not sure whether your payment transactions meet the SCA standard? Looking for a partner that offers local payment methods that Europeans love and trust? Alphacomm Solutions can help. Let’s get in touch!

 

About the author

Joep van Doornik – Payment Solutions
Product Owner

I’m Joep van Doornik, Product Owner at Alphacomm. I make sure that our services remain cutting edge.


Related articles
Automatic Top-Up - Alphacomm Solutions - Reloads