How Banks and Acquirers Can Deliver on the Benefits of PSD2 SCA Exemptions and Differentiate Their Merchant Services
PSD2 is an opportunity for acquirers to differentiate themselves by delivering improved services to their merchants, if they implement modern solutions to manage SCA exemptions. This will drive the best customer experience in combination with regulatory compliance.
Exemptions are an important part of the balancing act between protecting transactions and providing seamless customer experience. For many financial services firms that provide merchant acquiring services, this could be a key differentiator. For organizations that do not successfully implement SCA exemptions, it could negatively impact the business of their merchants and risk market share loss in the process.
It's crucial for organizations to realize the benefits of Strong Customer Authentication (SCA) by rapidly implementing differentiated services that bring added value to acquirers and merchants. I spoke to Jay Floyd, Principal Fraud Consultant Europe at ACI Worldwide, to find out more.
RT: Tell us a little more about SCA, exemptions, and why this seems to be a difficult part of risk and fraud management?
Jay Floyd: SCA is a key element of PSD2, which introduces additional security authentication for online, Card Not Present (CNP) transactions and alternative payments over €30. In February 2017, we saw the release of the regulatory technical standards (RTS) for SCA. RTS defines the framework for the implementation of PSD2 with primary focus on SCA, and Common and Secure Connection (CSC). In short, we could say that PSD2 covers the “what” aspect of the regulation, whereas the RTS defines “how” this is to be done. PSD2 may already be here, but the EBA recently acknowledged the need for financial institutions to implement SCA in a customer-centric manner, and the time needed to do this effectively.
The EBA has therefore delegated authority to National Competent Authorities to set in-country deadlines for compliance. This does not mean that the pressure is off, but it does provide a new opportunity for acquirers and payments services providers (PSPs) that were lagging behind in meeting the original September 14 deadline. Following publication of the EBA's Opinion, they now have a timeframe to implement SCA exemptions in a way that differentiates their business from the competition.
SCA aims to standardize practices across the EEA and reduce fraud, especially in the case of online transactions. It requires two independent sources of validation known as Two Factor Authentication (2FA) – this increased security obviously benefits banks and merchants, but if not implemented effectively, risks negatively impacting customer experience, with repercussions including cart abandonment. To mitigate this risk and at the same time improve customer experience, RTS does provide a number of exemptions to SCA, aimed at minimizing friction. These include:
- Low value payments exemption (below €30)
- Recurring payment exemption, such as subscriptions
- Trusted beneficiaries, including identified trusted merchants
- Secured corporate payments
- Transactions that real-time Transaction Risk Assessment solutions have identified to be low risk
Banks are in the business of customer experience and are accustomed to balancing this with regulatory demands. Acquirers are facing new fraud regulations, but are often too focused on the compliance piece of SCA instead of prioritizing the customer experience. There is a real opportunity to get ahead of the individual country deadlines for compliance if they act now.
RT: How can acquirers and PSPs do their part to minimize checkout friction?
JF: The checkout conversion rate is an incredibly important statistic because every abandoned shopping cart represents lost revenue for all parties in the payments value chain. And for large merchants dealing with thousands of shoppers every hour, even seemingly miniscule changes in a conversion rate can significantly affect revenue, positively or negatively. Thus, every online merchant is working to raise conversion rates as high as possible and they expect their acquirers to provide services that support this goal.
If the acceptance rate is too stringent and blocks genuine shoppers, this will inevitably lower conversion rates and cause a real loss in revenue. Fraud prevention strategies need to block fraud, but be sophisticated enough to allow genuine sales to flow through easily.
Exemptions can help to strike this balance – and they don’t need to be complex for acquirers, merchants, PSPs or any other party in the payments value chain. First, they need access to quality payment data. Then, this data needs to be organized into digestible pieces, often managed by a personalized dashboard and analyzed in real time. It’s all about gaining the ability to make real-time decisions on transaction risk and responding accordingly.
RT: What are some of the challenges faced by acquirers that need to be overcome to achieve this?
JF: All of the effort acquirers and PSPs put into gaining market share cannot be compromised by a poor strategy when it comes to SCA exemptions. The challenge is to have the right tools, build the right skills and create visibility – making it core to the business. SCA exemptions will become core the the merchant acquiring business in Europe because they directly impact the ability to grow market share.
With the right technology in place to make real-time decisions, implementing exemptions ahead of the regulatory deadline can be easy. Many see exemptions as “just another challenge to overcome,” but it is worth thinking strategically now to avoid future complexity as a result of a poor tactical decision.
ACI's UP Payments Risk Management solution has a proven track record in managing customer attrition related to fraud prevention. This experience now benefits acquirers as as they look to achieve compliance and manage customer experience in parallel, to minimize the impact of SCA and capitalize on the opportunity created by exemptions. This creates an accelerated path to market leadership.
RT: What will be the key benefits to merchants and PSPs?
JF: Support from acquirers and PSPs to minimize potential friction and excel in customer experience. Merchants could never justify building skills and proprietary solutions in this area, so they rely on their acquirers to bring best-in-class SCA exemption management in order to guarantee they will achieve their desired conversion rates, and that friction will not negatively impact their business.
The customer experience will also be improved through the ‘right’ level of friction; customers expect to be challenged on transactions that are obviously outside of their usual purchasing behavior. They may already feel nervous about such transactions, so they are reassured when SCA is triggered at the right time.
Want to achieve Strong Customer Authentication compliance while protecting and differentiating on the customer experience? Download our Five-Step Guide to Conquering SCA Compliance and thrive post PSD2.
Related Blog Posts
How Italian Banks and Processors Can Capitalize on Digital Transformation
The European payments landscape is in an era of significant change thanks to PSD2 and other macro factors, but there is more than one way to deliver real-time and open payments to meet PSD2 requirements and its technical standards. Banks and processors must manage this alongside their own set of domestic challenges and opportunities.
SWIFT gpi: Leveraging Cross-Border Payments for the Real-Time World
SWIFT gpi represents the evolution of business done over the SWIFT network, bringing correspondent banking into the digital era.
I’ve covered this topic before, but with gpi now reaching the two-year milestone, it’s a good chance to reassess the progress that has been made – and what is needed to drive further adoption.
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
Dedicated Followers of Fintech: Why Transaction Banking Never Goes Out of Fashion
Taking part in a panel at a recent corporate treasury conference, I was introduced as a ‘consumer payments expert’ – not an obvious qualification for sharing stage-time with serious corporate liquidity and cash management folk, but as the talk track was on mobile wallets and Open Banking, I had some reasonably safe and relevant content on which to fall back.
Sibos Preview: The Five Trends Transforming Real-Time Payments
Real-time is now a reality, with more than 30 schemes live around the world. And real-time is in the spotlight as banks and financial service providers make their way to Sydney for Sibos 2018. What better time to look ahead at the key trends that are going to shape the ongoing development of real-time payments.
API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
Can Corporate Banking be as Easy as Ordering Pizza?
ACI recently hosted Greenwich Associates on a webinar to discuss corporate banking. While not a topic that would usually make attendees salivate, the discussion turned toward ordering pizza (maybe, because it was close to lunchtime) and Greenwich highlighted how corporate banking should be as easy as ordering pizza.
Modernizing Cross-Border Transfers with SWIFT gpi
The customer experience for domestic payments – retail and corporate – has recently undergone a complete transformation. There’s still plenty more that could be achieved, but the advent of real-time payments in combination with open APIs has seen the launch of Request for Payment services and direct eCommerce instant payments in the UK and Europe. And it’s not just the PSD2 push in Europe that’s driving change – in the U.S., Zelle is moving beyond standalone P2P payments to become an integrated part of the retail banking app experience, as well as being included in new kinds of corporate disbursements.
Instant + Open Payments = A Winning Combination
I recently joined a panel discussion at EBAday 2018, alongside representatives from across the payments ecosystem, and the clear consensus was that real-time payments will be the new normal. This was evidenced by some of the interactive polls carried out.
Maintain Vs. Invest: What the Digital Era Ushers in for Banks
Taking place this week in Brussels, the European Credit Research Institute (ECRI) will host a high-level debate on how policymakers can build on the process of digitalisation of banks to raise competitiveness in light of increased competition from fintech start-ups and tech giants.