The webinar ‘
Boost Acceptance Rates with AI-Powered TRA Exemptions’, moderated by The Paypers, provided valuable insights into optimising Transaction Risk Analysis (TRA) exemptions under PSD2 Strong Customer Authentication (SCA) regulations. Joining experts from Sift and Nestle, the webinar tackled various interesting topics, including:
-
PSD2 SCA regulations and TRA exemptions;
-
Balancing fraud prevention with UX;
-
Examples from physical goods merchants;
-
Fraudster tactics to bypass 3-D Secure authentication;
-
Best practices for implementing and optimising TRA exemptions.
Understanding TRA exemptions
TRA exemptions allow low-risk transactions to bypass SCA, thus reducing friction for customers. When correctly enforced, they can boost merchants’ revenue. Exemption eligibility depends on transaction value and the acquirer’s fraud rates, which vary between lower than 0.001% and lower than 0.13%. Lower fraud rates allow for higher value transactions (up to EUR 500) to be processed without requiring SCA.
Apart from TRA exemptions, there are other types of exemptions where SCA is not required – for low-value transactions (less than EUR 30 or the equivalent in foreign currencies) and merchant-initiated transactions (i.e. recurring subscription payments, where the cardholder has previously approved the payment). According to Visa Europe, it is estimated that
about 40-50% of ecommerce transactions by volume could be exempt from SCA if certain criteria are met.
Leveraging AI for exemption efficiency and enhanced customer experience
Learning how to properly implement exemptions by leveraging AI can positively impact merchants’ business and help prevent fraud before routing to 3-D Secure (3DS). Simultaneously, it can help merchants focus on high-importance risk signals, accelerate approval rates, reduce cart abandonment, and enhance customer experience.
Carmen Caballero shared the Nestle experience mentioning that, in some cases, merchants know their customers better even than their banks, as some still have poor notifications and fail to optimise SCA challenges. Carmen advises other merchants to understand consumers’ behaviour and their preferred payment methods to keep fraud levels low. By leveraging customers’ data properly, exemptions can be requested only on low-risk transactions.
Fraudster tactics to bypass 3-D Secure authentication
Fraudsters have become significantly more sophisticated by purchasing aged accounts to seem more trustworthy in the eyes of merchants. Through OTP (one-time-password) specifically created bots, they extracted one-time password from consumers by tricking unsuspecting customers into divulging their two-factor authentication codes.
Despite SCA requirements, there are still fraud risks, as fraudsters deploy accurate social engineering scams and fraud tools to bypass SCA. Thus, analysing customers’ behaviour signals remains crucial in stopping fraud at the door.
Best practices into optimising TRA accuracy and exemptions
The webinar also tackles the prevalence of fraud in the payments industry. Without a cohesive fraud prevention strategy, merchants risk damaging their reputation by sending fraudulent transactions through TRA. Thus, it is crucial to send clean traffic to acquirers to boost overall TRA exemption approvals.
At the same time, if fraud rates rise, merchants or acquirers may lose access to TRA exemptions, which can further lead to increased authentication measures and customer friction. Higher fraud rates can also lead to disputes, customer churn, and reputational damage.
PSD2 exemptions can be deployed for low-risk and low-value transactions, such as in the case of payments less than EUR 125 if the customer’s account password has not changed in the past 24 hours or if the IP location and the mailing address are on the same distance, within a 3 km radius. To pinpoint exemptions, merchants can use combined AI-powered risk scores with VIP lists and low-risk user behaviour.
Looking to step up your TRA exemptions game? Consider the following:
-
Understand your data and customer base;
-
Develop strong relationships with payment partners and acquirers;
-
Implement pre-authorisation fraud screening;
-
Deploy AI and ML models to accurately assess transaction risk;
-
Monitor and optimise your exemption strategy regularly.
Key takeaways
As PSD3 regulations are currently under development, it is important to stay informed about potential refinements to SCA requirements, especially regarding the protection of vulnerable groups.
Don’t miss out on more valuable information!
Watch the full webinar recording to enhance your knowledge with tips into stopping fraud, reducing friction for loyal, legit customers, and improving overall acceptance rates. Our guests, Britany Allen and Carmen Caballero, have more insights about handling TRA exemptions and their expertise will bring value to your future approach.
About Irina Ionescu
Irina is a Senior Editor at The Paypers, specialising in fraud and online payments. With a Ph.D. in Economics and a strong economic academic background, she observes developments in tech, innovation, and regulation, educating the audience about fraud prevention, chargebacks, scams, social engineering, digital identity, GenAI, and ecommerce.