- 45% of ecommerce merchants are either following the minimum requirements or are still resolving the issues related to the regulation
- More than 30% of respondents are experiencing lock-ins and limitations related to provider specific tools and exemptions
- Fraud is still happening even on 3DS-authenticated orders, as stated by 39% of ecommerce decision-makers surveyed
A new study has revealed that nearly half of European and UK-based ecommerce merchants are still struggling to comply with the Second Payment Services Directive (PSD2), despite the regulation coming into full enforcement, following the extended deadline.
The study based on a survey of 207 decision-makers at organisations across Europe and the UK , commissioned by Riskified, a fraud management platform enabling frictionless eCommerce and conducted by Forrester Consulting, found that 45% of respondents are either following the minimum requirements of the regulation or are still resolving the issues related to PSD2 rollout.
And despite hopes that PSD2 would reduce fraud and make payments safer, 39% of merchants admitted that fraudulent chargebacks had increased on 3DS-authenticated transactions, negatively affecting their overall fraud rates.
Long way to optimisation
The PSD2 regulation was published in 2015, aiming to make Europe’s payment ecosystem safe, integrated, open and convenient. The regulation also introduced Strong Customer Authentication (SCA), requiring multi-factor verification for online transactions where a card is not present.
But more than a year after the first anniversary of the enforcement deadline across the European Economic Area, the study reveals that nearly half of organisations are either complying with baseline PSD2 requirements or are still in the troubleshooting mode, trying to resolve technical or integration issues, on their way to optimised payment strategies.
“The majority of survey respondents moved towards optimising their payment flows,” says Roman Korobkov, PSD2 Domain Expert at Riskified, “But those who are not ready yet are at a turning point in how to transform their payment strategy. These ecommerce merchants are attempting to work within these new guidelines while trying to establish equilibrium between user experience, security and compliance. But they are looking for some more transparency across the ecosystem to make things work.”
Fraud continues to proliferate
A large proportion of those surveyed revealed they had seen an increase in costs related to fraud prevention after PSD2 came into force. In fact, 43% said costs had increased, 3DS costs excluded, and of these, 57% said their spending increased by 25% or more compared to pre-PSD2 spending.
But while costs have gone up, merchants are still seeing an increase in fraudulent chargebacks on authenticated orders, negatively affecting their overall fraud rates. “While for many merchants 3DS, being an industry standard for Strong Customer Authentication, has proven to be efficient, it’s not a one-size-fits-all solution, and overreliance on it can be misleading. The technology is evolving, but so are the fraudsters, coming up with multiple ways of bypassing the security protocol, both flows – frictionless and with a challenge. Now it’s all about building the right strategy tailored to the needs of business using the right data, as well as solutions and technology available in the market”.
Lock-ins and limitations
80% of the merchants surveyed believe that exemptions, offered by a fraud prevention partner or by a payment service provider, are proving their effectiveness. With exemptions, 60% of merchants report they can prevent over half of their orders from having to undergo SCA.
Having said that, some ecommerce decision-makers also shared they are facing exemption-related limitations. While technically eligible for higher exemptions thresholds, they are not able to exempt more due to overall limits established by their payment service providers.
Decision-makers surveyed also opened up about finding it difficult to leverage solutions available in the market due to being limited by the payments ecosystems of their PSPs – 31% said they were locked into specific tools offered by payment partners.
״PSPs are the ones offering 3Ds solution and exemption engines, and they should be ready to open up their ecosystem and collaborate with solution providers to optimise the payment processes.“ Roman says. “Together with gaining more flexibility, optimising costs, improving authorization rates, and getting more orders exempted from SCA, ecommerce merchants can have access to more data and independently choose partners and solutions tailored to their specific needs.”
What’s missing from PSD2?
Despite the concerns raised by this survey, it also identified some potential solutions to help merchants comply with the regulation while decreasing fraud rates and increasing revenues.
Respondents revealed that more data and transparency would help organisations advance their PSD2 strategies. Nearly two thirds (65%) asked for greater transparency in payment processing fees, while 61% want regular updates on market performance, and 59% requested reviews of solutions available on the market to help optimise compliance with PSD2.
These findings highlight the need for better communication and transparency within fraud and payments ecosystem to help merchants evolve their strategies and move from troubleshooting to optimisation.
It’s also worth noting that merchants are not resistant to PSD2, but instead believe it has the potential to improve their business and are ready and willing to build strategies around PSD2 once the system is more transparent. Compliance itself is not the key goal. The respondents surveyed stated that gaining a competitive advantage by optimising their payment flows under PSD2 is crucial for their future strategy, alongside improved customer experience, higher conversion rates, and increased customer retention.
For more details, read the study “E-Commerce Fraud Prevention: What Is The Post-PSD2 State Of Play?”, available here: https://www.riskified.com/resources/report/post-psd2-state-of-play-riskified/