When it comes to fraud prevention, there are some opportunities that came with the PSD2 to ensure the smoothest payment experience to customers while guaranteeing a high level of security and complying with the regulation. For Ecommerce Transaction Risk Analysis (TRA) this is possible thanks to leveraging exemptions in the Strong Customer Authentication (SCA). In fact, the real-time risk analysis serves to remove friction without sacrificing security, with the effective TRA solutions being AI driven and running on machine learning algorithms. TRA allows for strong protection of the customer and business alike, all providing excellent fraud prevention.
So how does it work? TRA solutions usually analyse the issuer’s and merchant’s risk scores and other risk factors to confirm that spending, place, time and other behavioural patterns are within the norm; if not, the exemption test fails and the risk alert is triggered and authentication required.
Transactions up to €500 (number that varies according to the acquirer’s fraud rates) can individually go into a secure exemption flow from SCA, as deemed of low risk of fraud, thanks to the real-time TRA. The request for PSD2 exemption is up to the merchant’s approval.
As mentioned, TRA is an essential component of effective payment solutions, especially since PSD2 has brought on many challenges for businesses and retailers in order to improve customers’ security. Here are the main challenges:
TRA reduces shopping cart abandonment therefore increasing conversion because besides performing real-time risk assessment, it also takes care of out-of-scope PSD2 orders and safeguards the ID of the merchant, which improves bank authorisation rates.
Therefore, implementing an effective TRA has a direct impact on conversions. Suffice it to say that the first data analysed after the implementation of PSD2 were indicative of how crucial it was to manage the SCA and its exemptions. Analyses of the early data from that period, carried out by Mastercard and Fabrick revealed that 80% of Mastercard’s transactions were sent directly into the authorization flow, taking advantage of PSD2 exemptions for transactions that were deemed of low fraud risk and of low value, thanks to Transaction Risk Analysis (TRA). The transactions in Europe and the UK with Mastercard grew 49% in the 3DS flow just in 4 months.
Moreover, after only 3 months of 3DS flow implementation, the European grand total of authentication rate improved from 61.8% to 74.5%, with the UK being an absolute leader with almost 90% authentication rate in 3DS flow with Mastercard. Frictionless flow (3DS exemption) was the main reason for this high authentication rate. Fabrick, in turn, reported that the authentication conversion rate was 76.22% after 3DS protocols became obligatory.
The goal for the PSD2 SCA requirement was to reduce fraud and ensure that issuers and merchants in the EEA were validating all electronic payments. And PSD2 SCA is certainly good for digital commerce because it allows for safer and more secure transactions, but the friction could still become limiting and alienate potential customers, which is when TRA comes into play.
As seen in the analysis above, transaction risk analysis has a positive effect on shopping cart abandonment and conversion rates. Unnecessary authentication for a valid non-fraudulent transaction would add friction to the payment process and risks to encourage the user to abandon their shopping cart. On the contrary, optimising existing flows can boost the quality of TRA and improve the conversion rate, while also reducing chargeback.
In a constant pursuit to improve the protection and competition of consumers within electronic payments, while empowering consumers to securely share their data in a secure way in order to enhance their customer journey, the EU Commission has been working on a new Payment Service Directive (PSD3), and on 28th June 2023 announced a number of proposals to modernise PSD2.
Among the aims of this new directive is further improving fraud prevention, with an evaluation of PSD2 effectiveness. Although new fraud types have since developed, as stated by the European Commission, after the introduction of PSD2 one of the areas that has seen a positive improvement has been fraud prevention, thanks to the introduction of Strong Customer Authentication.
If you are interested to learn more about Transaction Risk Analysis, here you can find more information on Fabrick’s Advice solution.
Modernising payment services and opening financial services data: new opportunities for consumers and businesses | European Commission, 2023