In June 2023, the European Commission released its proposal for updating the EU’s payments legislation, PSD2 (Revised Payment Services Directive).
The most recent version, PSD2, is a set of laws and regulations for payment services in the EU and the EEA (European Economic Area). The directive enables PISPs (Payment Initiation Service Providers, managing payments in and out of an account) and AISPs (Account Information Service Providers, allowed to retrieve account data) to emerge. Banks were forced to offer these service providers a means of both accessing user account information, as well as enabling transactions to occur via one of the aforementioned intermediaries.
The Commission recognised the challenges faced by PSD2 in achieving a level playing field for all PSPs. Non bank PSPs often lack direct access to key payment systems, leading to an imbalance between bank and non-bank PSPs. PSD3 aims to address this by amending the Settlement Finality Directive, adding payment institutions to the list of firms able to participate directly in payment systems.
PSD3 aims to focus on the licencing and authorisation of payment and e-money institutions. The PSD3 will provide benefits within the ecommerce space, as it enables PSPs to share fraud-related information in order to enhance transaction monitoring. Alongside this, PSPs will be obliged to provide education on payment fraud awareness to their customers and staff, while refund rights will be extended for victims of IBAN/name verification failure or ’spoofing’ fraud.
Ecommerce users and customers are becoming used to frictionless payment preferences and have the tendency to abandon a cart if there are too many steps during the checkout process. However, fraud management tools add friction to the checkout process, which is not compatible with the desire to achieve an effortless shopping experience. Moreover, businesses are concerned that strict prevention measures can cause legitimate orders to get rejected, which will not only result in decreased sales but might also lead to the loss of a lifetime customer. After all, no shopper wants to be treated like a criminal.
Omnichannel retail is leading the ecommerce business, as it promotes sales and provides a holistic customer experience. However, this also presents challenges to fraud prevention. With customers constantly moving between different devices and channels, fraudulent activity is becoming harder to spot and requires a more sophisticated analysis of customer behaviour. Thus, fraud prevention no longer depends on a single, static view of the customer, but rather requires data on the whole customer journey.
Although customer data is an integral part of fraud detection, it can also be a source of vulnerability. The account setup process usually requires customers to provide personal information, which in the case of a data breach, can be utilised by fraudsters. Legitimate customer information is often sold on illegal markets to facilitate fraud. Moreover, traditional data protection methods, such as passwords, might also compromise data security.
PSD3 will need to achieve a balance between providing more secure transactions without increasing friction in the transaction process. Its aim to incorporate open finance principles for secure data sharing and competition, while optimising SCA (Strong Customer Authentication), will potentially reduce this friction.
Data is produced and analysed throughout every transaction. One way to keep friction to a minimum, but also have an in-depth fraud detection process is to implement the use of AI. This can analyse individual orders based on behavioural biometrics data (e.g., how a user typically navigates the site), as well as their purchase history and recency of other online orders.
When the algorithm flags orders as suspect, it is important to have in-house or outsourced fraud analysts available to review them quickly, to avoid decisioning delays that could cause the customer to cancel the order. These reviews can reduce the likelihood of mistakenly rejecting safe orders.
Tokenization is another valuable fraud prevention strategy which utilises a plethora of data. In short, tokenization replaces sensitive account and card information with something that cannot be decrypted, thus securing the transmission of sensitive data. This precludes data breaches and prevents fraudsters from obtaining customers’ data.
It has been observed that the current restraints in the exchange of data between participants in the payment chain hamper further innovation and improvement of customer experience. Data will be of high importance, as the PSD3 requires businesses to share more data with issuers, allowing them to monitor environmental and behavioural characteristics such as user location, transaction time, devices used, spending habits, transaction history, session data, and device IP. As a result, they can increase approval rates by better determining which transactions to approve and which to decline.
Payment schemes and PSPs will also be allowed to process personal data for fraud prevention, even without explicit user consent, under the GDPR (General Data Protection Regulation). This only applies if they use the data to prevent fraud.
This data sharing will have to be very secure to limit potential security risks. The Commission aims to realise a framework for responsible data sharing, by taking measures such as requiring that ASPSPs (Account Servicing Payment Service Providers) offer users a permission dashboard to easily manage and withdraw permissions for access to their data. Data surrounding topics such as life, sickness, and health insurance will be excluded to avoid undesirable consequences.
This editorial is part of The Paypers' Fraud Prevention in Ecommerce Report 2023-2024, the ultimate source of knowledge that delves into the world of fraud prevention, revealing the most effective security methods for companies to stay one step away from bad actors and secure their businesses.
As a Senior Research Analyst at Juniper Research, Cara provides expert analysis and commentary on the most important developments within financial markets. Visit the website to download a sample of their latest online payment fraud research.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now