Voice of the Industry

PSD2: How machine learning reduces friction and satisfies SCA

Thursday 26 March 2020 08:03 CET | Editor: Simona Negru | Voice of the industry

Andy Renshaw, Feedzai: ‘It crosses borders but doesn’t have a passport. It’s meant to protect people but can make them angry. It’s competitive by nature but doesn’t want you to fail. What is it?’


If the PSD2 regulations and Strong Customer Authentication (SCA) feel like a riddle to you, you’re not alone. SCA places strict two-factor authentication requirements upon financial institutions (FIs) at a time when FIs are facing stiff competition for customers. On top of that, the variety of payment types, along with the sheer number of transactions, continue to increase.

According to UK Finance, the number of debit card transactions surpassed cash transactions since 2017, while mobile banking surged over the past year, particularly for contactless payments. The number of contactless payment transactions per customer is growing; this increase in transactions also raises the potential for customer friction.

The number of transactions isn’t the only thing that’s shown an exponential increase; the speed at which FIs must process them is too. Customers expect to send, receive, and access money with the swipe of a screen. Driven by customer expectations, instant payments are gaining traction across the globe with no sign of slowing down

Considering the sheer number of transactions combined with the need to authenticate payments in real-time, the demands placed on FIs can create a real dilemma. In this competitive environment, how can organisations reduce fraud and satisfy regulations without increasing customer friction?

For countries that fall under PSD2’s regulation, the answer lies in the one known way to avoid customer friction while meeting the regulatory requirement: keep fraud rates at or below SCA exemption thresholds. 

How machine learning keeps fraud rates below the exemption threshold to bypass SCA requirements 

Demonstrating significantly low fraud rates allows financial institutions to bypass the SCA requirement. The logic behind this is simple: if the FI’s systems can prevent fraud at such high rates, they've demonstrated their systems are secure without authentication.

SCA exemption thresholds are:

Exemption Threshold Value

Remote electronic card-based payment

Remote electronic credit transfers

EUR 500

below 0.01% fraud rate

below 0.01% fraud rate

EUR 250

below 0.06% fraud rate

below 0.01% fraud rate

EUR 100

below 0.13% fraud rate

below 0.015% fraud rate

Looking at these numbers, you might think that achieving SCA exemption thresholds is impossible. After all, bank transfer scams rose 40% in the first six months of 2019. But state-of-the-art technology rises to the challenge of increased fraud. Artificial intelligence, and more specifically machine learning, makes achieving SCA exemption thresholds possible.  

How machine learning achieves SCA exemption threshold values

Every transaction has hundreds of data points, called entities. Entities include time, date, location, device, card, cardless, sender, receiver, merchant, customer age — the possibilities are almost endless. When data is cleaned and connected, meaning it doesn’t live in siloed systems, the power of machine learning to provide actionable insights on that data is historically unprecedented. 

Robust machine learning technology uses both rules and models and learns from both historical and real-time profiles of virtually every data point or entity in a transaction. The more data we feed the machine, the better it gets at learning fraud patterns. Over time, the machine learns to accurately score transactions in less than a second without the need for customer authentication. 

Machine learning creates streamlined and flexible workflows

Of course, sometimes, authentication is inevitable. For example, if a customer who generally initiates a transaction in Brighton, suddenly initiates a transaction from Mumbai without a travel note on the account, authentication should be required. But if machine learning platforms have flexible data science environments that embed authentication steps seamlessly into the transaction workflow, the experience can be as customer-centric as possible. 

Streamlined workflows must extend to the fraud analysts job

Flexible workflows aren’t just important to instant payments – they’re important to all payments. And they can’t just be a back-end experience in the data science environment. Fraud analysts need flexibility in their workflows too. They're under pressure to make decisions quickly and accurately, which means they need a full view of the customer — not just the transaction.

Information provided at a transactional level doesn’t allow analysts to connect all the dots. In this scenario, analysts are left opening up several case managers in an attempt to piece together a complete and accurate fraud picture. It’s time-consuming and ultimately costly, not to mention the wear and tear on employee satisfaction. But some machine learning risk platforms can show both authentication and fraud decisions at the customer level, ensuring analysts have a 360-degree view of the customer.

Machine learning prevents instant payments from becoming instant losses

Instant payments can provide immediate customer satisfaction, but also instant fraud losses. Scoring transactions in real-time means institutions can increase the security around the payments going through their system before it’s too late. 

Real-time transaction scoring requires a colossal amount of processing power because it can’t use batch processing, an efficient method when dealing with high volumes of data. That’s because the lag time between when a customer transacts and when a batch is processed makes this method incongruent with instant payments. Therefore, scoring transactions in real-time requires supercomputers with super processing powers. The costs associated with this make hosting systems on the cloud more practical than hosting at the FIs premises, often referred to as ‘on prem’. Of course, FIs need to consider other factors, including cybersecurity concerns before determining where they should host their machine learning platform.

Providing exceptional customer experiences by keeping fraud at or below PSD2’s SCA threshold can seem like a magic trick, but it’s not. It’s the combined intelligence of humans and machines to provide the most effective method we have today to curb and prevent fraud losses. It’s how we solve the friction-security puzzle and deliver customer satisfaction while satisfying SCA.

About Andy Renshaw

Andy Renshaw, Vice President of Banking Solutions at Feedzai, has over 20 years of experience in banking and the financial services industry, leading large programs and teams in fraud management and AML. Prior to joining Feedzai, Andy held roles in global financial institutions such as Lloyds Banking Group, Citibank, and Capital One, where he helped fight against the ever-evolving financial crime landscape as a technical expert, fraud prevention expert, and a lead product owner for fraud transformation.

About Feedzai

Feedzai is the market leader in fighting fraud with AI. We’re coding the future of commerce with today’s most advanced risk management platform powered by big data and machine learning. Founded and developed by data scientists and aerospace engineers, Feedzai has one mission: to make banking and commerce safe. The world’s largest banks, processors, and retailers use Feedzai’s fraud prevention and anti-money laundering products to manage risk while improving customer experience.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Andy Renshaw, Feedzai, SCA, financial institutions, debit card, mobile banking, contactless payments, PSD2, fraud, bank transfer, machine learning, payments
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime