Managing PSD2 – Main challenges for merchants and how to overcome them.
14th September 2019 – if you were part of the online payment accep tance industry in the months prior to that date, you might have been panicking. i still remember that time, having daily meetings about national competent authorities’ updated deadlines, grace, and transition, discussions with 3ds providers and with merchants, going through all the new requirements due to Strong Customer authentication (SCa), and the actions required by card schemes and payment service providers.
Three years later, we can say that the european payments industry has adapted to the new standards and, when i look at it from my personal experience, this was not an easy and smooth process. today, Psd2 and 3ds2 strategies are supposed to be on the checklist of everybody with a job title including the payments world and working for a merchant. But is this truly the case?
Over the last four years, i had more than 150 discussions (the number is still growing) with merchants, payment service providers, issuers, and fraud solution companies discussing Psd2, sCa, 3ds2, and exemptions. it is a sure thing to say that today’s level of preparation on this topic is way more advanced than the pure chaos and confusion that were everywhere in 2019. there are still some processes to be refined for merchants and payment providers, but what could be done today? Below you can find my personal point of view and answers to this question.
PSD2 and exemption strategy – are you doing it right?
if you don’t yet have a pSD2 or an exemption strategy, it is surely the time to start thinking about it. there is plenty of online documentation, experts, and providers that can help you. Before that, make sure that you actually understand the impact that pSD2 has on your business.
Your customer transactions might be mostly based on subscriptions and recurring payments, and you might be accepting mainly non eUtransactions, or managing highbasket amounts, which might not allow you to, for example, have a full 3ds2 exemption strategy.
Last year, I was happy to see merchants implementing their own 3ds2 and exemption strategies, but i am also still surprised to see many of them not fully understanding the importance of this topic, doing nothing, or leaving it to pSps. it is fortunate when authentication and exemption engines are automatically in place and out of the box, a case often uncommon on the pSp’s side.
Technical flow – have you checked if you support the best option?
A few times, i have heard people saying: ‘Once we finalised the implementation with a payment service provider, nobody will touch it, everybody is afraid to touch and modify something’. We need to keep in mind that when 3ds2 was introduced, many PsPs were under very high pressure to deliver ‘something’ – and one of the quickest and easiest ways to do so was to ‘adapt’ the 3ds1 to the 3ds2 flow. However, it has completely different steps that can be controlled directly by merchants (e.g., preparation request, authentication request, Challenge request), thus optimising the authentication flow and making it smoother for consumers, avoiding confusion with different tabs or popup openings. Counting the different UrLs in a payment authentication has become one of the new hobbies for a payments nerd like me.
Let’s keep in mind that the next version of 3ds 2.3 should be ready for market implementation soon, including some important updates that could be of interest to several merchants (e.g., secure payment confirmation).
3ds data – do you have the right data and KPIs in place?
Datadriven decisions are fundamental in payments, that’s not big news. having the right level of granularity and visibility is fundamen tal for any proper payment strategy. 3ds2 leverages way more data than the previous protocol, but what do you do with the data you get from your payment service provider – or 3ds serve – and how do you use it?
I currently still see many PsPs not offering data granularity at the level it is needed for 3ds2 (e.g., merchants are not aware of 3ds2 trans Status, which contains very important information or messages that should potentially be displayed to the end consumer). Moreover, PsPs are disclosing data in different bites, thus running the correct monitoring activities becomes a complex and difficult task, especially since merchants end up having to build data layer consolidations or run manual processes. We know that PSPs receive the data at a certain point, but they might have missed some development to display it fully to merchants, and it is important to be aware of and ask for it, to ensure that such topics get included in their roadmaps.
make sure that Psd2 and 3ds2 topics are included in your recurring discussions and QBrs payment performances are often not constant and require monito ring activities, time, and actions to make sure that everything runs smoothly, that acceptable conversion rates are maintained, and that Psd2 and 3ds2 compliance is not underestimated by merchants. Making sure that this part is covered in your payment checklist and monthly or quarterly business reviews should be required for any payment manager that wants to follow the best industry practices.
Beyond PSD2, what’s next?
PSD2 was a very important milestone for the european payments landscape, opening the path to payment innovation with Open Banking and bringing european payments to a new and higher level of security. as recently seen with this year’s consultations, we should soon expect news about Psd3, as a revised and complementary version of the current directive, where topics related to Open Banking, Buy Now, pay later, and Strong Customer authentication requirements are expected to be included.
I am very excited to see what will happen next. Meanwhile, if you want to discuss and chat about PSD2, feel free to reach out!
This article was originally published on the Paypers Cross-Border Payments and Ecommerce Report 2022-2023. For more information, please take a look here.