
Getting a grip on PSD2 – how to handle friction while providing unrivalled user experience

Friday 18 December 2020 10:51 CET | Editor: Raluca Constantinescu | Voice of the industry

Floriane Gramlich, Director of Product at Zalando Payments, shares insights on how to handle friction while providing unrivalled user experience in the PSD2 (European) context

PSD2 impacts everyone dealing with payments, regardless of whether they operate in a single country or across the EU market. The European Commission and the European Banking Authority introduced PSD (Payment Services Directive) in 2007, as it was recognised that consumers need a wider choice of payment services, enabling faster payments while increasing consumer protection and transparency. PSD2 is the newest regulatory directive, building upon PSD to further increase customer security in the payment space. This was needed as more and more ecommerce business models emerged and ecommerce grew fast.

Fintechs, neobanks, wallet providers, and merchants like Zalando from all over Europe not only recognise the challenges but also work hard on reducing the friction that comes with the new regulatory directive. Ultimately, it is not only about allowing the customer to pay with their preferred payment method, it is also about the safety of the entire process (it needs to happen in the safest way possible). The challenge is to bridge the gap between providing secure transactions and minimising checkout churn by optimising the user experience in a regulated space – and it is vital to understand what the regulation means, what it defines, and what it does not. Coming up with a strategy on how to address PSD2 and having an internal risk assessment plan are also two important steps.

Strong Customer Authentication (SCA), as specified in a new Regulatory Technical Standard (RTS), is a particular challenge, as it can complicate the experience by introducing the friction of authentication. The RTS defines the requirements and exemptions for SCA and secure communication between banks and the Third-Party Payment Service Providers (TPPs) in order to fight the rise in fraudulent transactions, which harm consumers’ trust and businesses.

According to the new directive, three groups of factors are used for authentication: knowledge (something only the user knows – e.g., password), possession (something only the user possesses – e.g., a smartphone, a one-time password), and inherence (something the user is – e.g., fingerprint). The RTS requires that SCA uses at least two factors from distinct groups, and the selected factors must be mutually independent so that the breach of one does not compromise the reliability of the other. 

However, there are exemptions to SCA, especially for low-risk or low-value transactions, as well as for use cases like contactless transactions at the point-of-sale, transport and parking fares, or payments to self. Additionally, the trusted beneficiaries use case can be interesting for merchants: the cardholder can request the issuer to whitelist a merchant so that SCA is not required on subsequent transactions to that merchant. Merchants can provide a flow in the checkout funnel so that the cardholder can request to whitelist a trusted merchant while shopping. However, whether this is allowed depends on the respective bank.

Acquirers can be exempted from SCA when they can demonstrate an exemption threshold value (ETV) corresponding to a PSP reference fraud rate, together with other risk management criteria – e.g., the location of the payee is not identified as high risk. The maximum ETV is EUR 500, and the applicable ETV depends on the acquirer’s ability to manage the risk.

These exemptions are important, as SCA also requires the implementation of 3DS for card transactions, which leads to some cart abandonment, both because cardholders have not learned to expect 3DS and because 3DS flows might differ depending on the implementation.
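The factor rule and the two merchant-facing exemptions described above can be expressed as a small decision function. This is an added example, not code from Zalando or from the RTS; the class and function names, the `payee_high_risk` flag and the `acquirer_etv_eur` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Category(Enum):
    KNOWLEDGE = "knowledge"    # something only the user knows
    POSSESSION = "possession"  # something only the user possesses
    INHERENCE = "inherence"    # something the user is

MAX_ETV_EUR = 500  # maximum exemption threshold value given in the article

@dataclass(frozen=True)
class Factor:
    name: str
    category: Category

@dataclass(frozen=True)
class Payment:
    amount_eur: float
    merchant_id: str
    payee_high_risk: bool  # assumed output of the acquirer's own risk engine

def satisfies_sca(verified):
    """SCA needs verified factors from at least two distinct categories.
    Factor independence is not modelled here and must be assessed separately."""
    return len({f.category for f in verified}) >= 2

def exemption_for(payment, whitelisted_merchants, acquirer_etv_eur):
    """Return the exemption that applies, or None when SCA is required."""
    if payment.merchant_id in whitelisted_merchants:
        return "trusted_beneficiary"
    etv = min(acquirer_etv_eur, MAX_ETV_EUR)  # never above the EUR 500 ceiling
    if payment.amount_eur <= etv and not payment.payee_high_risk:
        return "acquirer_etv"
    return None

def decide(payment, verified, whitelisted_merchants, acquirer_etv_eur):
    """Decision for one payment: 'exempt', 'authenticated' or 'challenge'."""
    if exemption_for(payment, whitelisted_merchants, acquirer_etv_eur):
        return "exempt"
    return "authenticated" if satisfies_sca(verified) else "challenge"

# Constructed sample data, not real transactions.
PASSWORD = Factor("password", Category.KNOWLEDGE)
PIN = Factor("pin", Category.KNOWLEDGE)
OTP = Factor("one-time password", Category.POSSESSION)
```

A password plus a PIN fails the check because both are knowledge factors, and an acquirer-supplied threshold above EUR 500 is clamped to the ceiling before the amount is compared.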

There are also grey areas, such as where to apply Merchant Initiated Transactions (MIT): the RTS does not clarify whether all payment use cases are applicable to MIT, and each merchant should do its own risk assessment.

Delegated authentication is also a strategic move to consider: it enables merchants to take back control over the SCA implementation by doing the authentication in their own shop experience. However, this also depends on the acquirer and bank used.

Ultimately, each merchant needs to decide on a set of strategies that address the challenges of SCA, bearing in mind that not all aspects are defined yet and that the regulatory space responds regularly to new developments in fraud and customer security.

While the regulation applies to the entire EU market, customer behaviour is different from market to market. More customers are getting used to 3DS, and the acceleration of ecommerce adoption due to COVID-19 boosts digital payments and credit card transactions – hence more customers get exposed to 3DS authentication and get familiar with the user experience. 

It is in the hands of each merchant to do everything possible to minimise the friction caused by SCA and to explore ways that will help them provide a good user experience. Start gaining knowledge about PSD2, gather data on bank readiness, experiment with what customers adapt to, collect data with research and A/B tests, and discuss options with your PSPs and acquirers/respective banks – these will ease the adaptation to new challenges. Do not wait, as the regulation is here to stay and actively approaching it might also help you gain a competitive advantage. 

This editorial was first published in our Cross-Border Payments and Ecommerce Report 2020–2021, which assesses the change of pace that occurred in 2020 and provides a comprehensive overview of the major trends driving growth in this space, being the ultimate source of information for players interested in selling across borders. 

About Floriane Gramlich 

Floriane Gramlich is the Director of Product for Zalando Payments. She is a senior product and commercial tech-savvy leader with broad international experience in strategy, growth, marketing, operations, business development, analytics, and product management, with over 15 years of work experience with companies like OLX/Naspers, Twitter, eBay, and PayPal. 


About Zalando 

Zalando is Europe’s leading online platform for fashion and lifestyle. Founded in Berlin in 2008, we bring head-to-toe fashion to more than 35 million active customers in 17 markets, offering clothing, footwear, accessories, and beauty. The assortment of international brands ranges from world-famous names to local labels. Our platform is a one-stop fashion destination for inspiration, innovation, and interaction. As Europe’s most fashionable tech company, we work hard to find digital solutions for every aspect of the fashion journey: for our customers, partners, and every valuable player in the Zalando story. Our goal is to become The Starting Point for Fashion and a sustainable platform with a net-positive impact for people and the planet.

