Voice of the Industry

PSD2 is great, but not without its challenges - financial crime prevention tops the list

Wednesday 11 December 2019 08:23 CET | Editor: Oana Ifrim | Voice of the industry

Gunnar Koren, EVRY: Fraud prevention solutions need to help lower shopping cart abandonments, support a wider range of payment scenarios, and reduce fraud losses alongside an improved customer experience

Open Banking is here. While we have yet to see its true impact, banks everywhere are reacting to a multitude of opportunities and challenges that come with it. Open Banking has lots of promises and the expectations are high for a brighter future for the banks, fintech companies, and consumers alike. In Europe, Open Banking was made a reality by the second Payment Services Directive (PSD2). This is one step towards Open Banking and one giant leap for financial services.

However, alongside this huge opportunity, we are observing a rising concern around how this new Open Banking environment will attract new types of fraud, particularly in the context of remote payments. That is why the regulators have made fraud prevention a cornerstone of PSD2.

Open Banking Report 2019

Strong Customer Authentication (SCA) is laid out in the Regulatory Technical Standards (RTS) of the PSD2 and 14 September 2019 is the official live date. The deployment of SCA to secure every payment over EUR 30 it is likely to cause a headache across the payments value chain because it is a decentralisation security solution, whereby every stakeholder must be compliant, from the account service payment provider (i.e. the bank) through to the acquirer, merchant, and cardholder. The expectation within the industry is that the impact on customer experience will be detrimental as additional friction is introduced into the consumers’ payment process. This is precisely the reason why the regulators have allowed exemptions to be applied.

Open Banking, unless managed properly, has the potential to be an open door for the fraudster. As it was seen with the introduction of chip and PIN at the point-of-sale, fraudsters turned their attention to ecommerce. The same reaction is expected after the implementation of SCA. Following a successful deployment of SCA, fraudsters will gravitate towards the easiest point of compromise and refocus their techniques to take advantage of any new weaknesses within Open Banking. There will be new types of fraud to emerge, requiring a proactive response from fraud prevention systems. Identity theft and mimicking TPP requests are expected to be prominent examples among an array of new fraud patterns.

In a truly Open Banking environment, the concept of an offline or an online channel will be a thing of the past. Consumer behaviour is omnichannel and the wider the range of payments that banks must handle, the more crucial the need for a fraud prevention and crime reporting solution to be compliant with the PSD2 Transaction Risk Analysis (TRA) requirements. That SCA deadline is not going away, however, there is some inconsistency amongst the national competent authorities. The Central Bank of Ireland has just announced a delay to the rollout of SCA rules, similarly to the UK, where the FCA has confirmed an 18-month delay. Many banks are just not ready or unable to properly match the needs of the national competent authorities reporting regimes and that is why some are turning their attention to a managed solution.

What does this mean for those thousands of issuer banks that have limited IT resources or have outsourced their fraud prevention and crime reporting services to a third-party service provider? The minimum requirement in the RTS description of the regulatory reporting is that detailed loss rates by exemption must be provided every 90 days.

The overall goal is to obtain reliable data and comparable data as it relates to payment fraud. Reference fraud rate statistics must be broken down across the different payment types, currently remote card payments and remote credit transfers, including where no exemption is deployed. This will be an onerous process for many account service providers. Unfortunately, there is a very limited number of providers that can offer a comprehensive fraud prevention solution as well as the ability to provide all the necessary additional regulatory fraud reporting in accordance with Article 96(6) of the Directive.

Here at EVRY, our financial crime prevention platform has been developed to address the challenges posed by the PSD2. EVRY’s Risk Based Authentication (RBA) risk engine, which includes Transaction Risk Analysis (TRA), has ‘baked’ into the offering the necessary risk analysis for remote electronic cardholder-initiated transactions (CIT). It also supports monitoring of recurring payments and trusted beneficiaries, low-value transactions, and the exemptions from SCA. Exemption management has been identified as one of the most crucial areas for our clients, reducing their compliance burden and ultimately providing a better experience to their customers. The platform also has a reliable and auditable exchange with the different stakeholders in the ecosystem to help Account Servicing Payment Service Providers (ASPSP) to monitor payment transactions within the RTS. EVRY is also deeply engaged in employing artificial intelligence and machine learning to mitigate fraud patterns in the Open Banking environment.

EVRY’s managed solution delivers on the three crucial requirements. Firstly, it provides a service for the issuing bank to be compliant with the new regulatory reporting requirements of the RTS in the context of SCA – not only for card payments, but also for credit transfers and all the other TPP-type initiated payments. Secondly, its fraud prevention keeps within the tight thresholds of permitted fraud rates and statistical needs of the regulatory technical standards. Lastly, it can best optimise the use of exemptions and their application as determined in the RTS for SCA.

As consumers increasingly shift from cash to electronic payments for everyday payments, transaction volumes rise and the average transaction value falls. Fraud prevention solutions need to help lower shopping cart abandonments, support a wider range of payment scenarios, and reduce fraud losses alongside an improved customer experience.

Open Banking Report 2019 About Gunnar Koren 

Gunnar Koren is a Head of Financial Crime Prevention Services, Financial Service at EVRY. Gunnar leads an operation of 120 employees and 100+ customers and has transformed Financial Crime Prevention Unit from Card Transaction Monitoring Service to a state of the art full PSD2 compliant Managed Service that monitors both account and card transactions and AML using AI in real time.

About EVRY

EVRY offers a broad portfolio of solutions that help banks manage continuous change and support the next
generation of banking services. We cover all the core services involved in banking. In the financial services area, EVRY has 1,500 employees, providing in-depth understanding of the opportunities and challenges of the banking and finance market. In total, EVRY has some 10,000 employees and reports annual turnover of GBP 1.15 billion.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Gunnar Koren, EVRY, Open Banking, financial crime prevention, PSD2, SCA, payments, banking, fraud, banks, customer experience
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: Europe
This article is part of category

Securing Transactions