PSD2 & Strong Customer Authentication

Why US based merchants need to pay attention to PSD2 changes

After its introduction on 14th September 2019, the new PSD2 Strong Customer Authentication requirements (SCA) will be enforced on 1st of January 2021 across all European Economic Area markets.

While merchants based in Europe are well aware of the PSD2 requirements and the changes needed for 3DS2, the same might not be for merchants based out of the United States.

3DS Adoption has been lower in the United States.

Historically, the adoption of 3D Secure in the U.S. market has been lower than the European region with just 18% of US-based transactions leveraging it. Several causes determined this low adoption led by the poor customer experience that 3DS1 has been offering to consumers, bringing higher cart abandonment rates in transactions. Lower security, mitigated by fraud prevention strategies, has often been preferred to the friction that this authentication method would have caused.

Even though the regulation covers only the EEA region, U.S merchants might still be severely affected by the PSD2 SCA requirements. The regulation recognizes merchants based on acquirer region and location, therefore if a US based merchant processes transactions via a European acquirer, transactions will need to be compliant and will require 3DS2 authentications. Merchants are highly recommended to get familiar with PSD2 SCA and 3DS2, and the impact on their business. To assist merchants in this regards, Payment Universe offers a 3DS2 starter package (free download here).

The same is also applicable to US based merchants that are considering expanding their business and presence in Europe, establishing a local entity to process payments locally. This requires a different technical implementation and more sophisticated transaction flows than transactions processed in the US domestic market.If you are a US merchants processing local transactions in Europe please contact us to learn more about how to be compliant with PSD2

If you are a US based merchant processing transactions locally in Europe contact us to understand how to be easily compliant with PSD2

Higher risk of fraud attacks for U.S. merchants

Another very important aspect to consider is the potential increased attention that fraudsters will pay on merchants that are not subject to PSD2 SCA requirements. With higher security standards for merchants processing via European acquirers, it is expected that fraudsters will increasingly be targeting  merchants that do not require and process with 3DS authentication (i.e. merchants selling in the European region and processing cross-border transactions with acquirers not from the region). For those merchants, it is highly recommended to keep this element in mind and to take  countermeasures both on authentication side , such as considering 3DS authentications for those transactions with 3D Secure 1 ( if their payment gateway does not support 3DS2) as well as to adjust the settings of their fraud prevention models to be ready to react to increased fraudulent behaviors.

In this case, if a considerably large part of the business comes from European traffic,  it would be highly recommended to establish a local entity to ensure the deriving higher acceptance rates in a PSD2 enforced environment where issuers in Europe will start to be more conservative and cautious in accepting cross-border non-authenticated transactions. 

PSD2: You don’t feel ready or you are not entirely sure about your 3DS2 implementation status and strategy?

Payment Universe offers customized solutions with the Practitioner package and the SCA in a box solution. Just fill out the questionnaire and we will get back to you shortly to help you to get the best out of the new authentication standards.