Q&A: How PSD2 will impact fraud on Black Friday
With online spending continuing to rise for Black Friday, web retailers need to consider how best to ensure PSD2 compliance in order to keep consumers secure without compromising their user experience.
by Tim Sandle
Across Black Friday, it is important that e-commerce merchants and retailers understand the requirements around the European Union Payment Services Directive (PSD2). PSD2 will require stronger identity checks when paying online. Several aspects of it affect the customer experience and will help retailers to reduce fraud. However, retailers need to stay compliant.
To look into this issue in more detail, Digital Journal spoke with Frederik Mennes, Director Product Security at OneSpan.
Digital Journal: What will Black Friday spending be like this year?
Frederik Mennes: The holiday shopping season is the World Cup of retail. Black Friday and Cyber Monday kick off the shopping season worldwide, with an estimated online holiday spending of $768 billion, an increase of 15 percent.
DJ: Do consumers need to be aware of fraud risks?
Mennes: While it is imperative for users to be cautious of fraud, it helps when governments and regulators accommodate online security. PSD2 is an example of such an initiative. But what does it mean for consumers and merchants? And how will this regulation help fight online fraud this holiday season and all year long?
DJ: What is PSD2?
Mennes: PSD2, the second Payment Services Directive issued by the European Union, aims to regulate and harmonize internet payment security across Europe, while also opening the market by enabling new third-party companies to enter the payments space. PSD2 builds on previous legislation by enhancing security through Strong Customer Authentication (SCA) and enabling third-party access to account information.
PSD2 mandates that all online card payments should be protected with SCA. This not only pertains to internet banking transactions, but also to e-commerce card payments. To meet the SCA requirements of PSD2, authentication must be based on two or more of the following factors: knowledge (e.g. passwords or PINs), possession (e.g. tokens or mobile devices), and inherence (e.g. biometrics). In the UK, the deadline is set on March 14, 2020.
Apart from SCA, PSD2 also mandates the use of transaction monitoring to deter fraudulent payments and prevent threats like account takeover, new account fraud, and mobile fraud. Mobile, application and transaction data is analyzed in real time to detect known and emerging fraud types, whether through machine learning, more traditional rule-based systems or a combination of both. This analysis produces a transaction risk score, which can then drive intelligent workflows that trigger immediate action based on pre-defined and/or customer-defined security policies and rules.
DJ: How important is adding an extra security layer?
Mennes: It's important for merchants of online shops to be compliant with PSD2 this holiday season and all year long, since they fall under the e-commerce online payment transaction set of rules. There are several technologies to do this, but an easy way to meet the requirements is by implementing 3-D Secure. This security protocol links the financial authorization process with the online authentication and provides a frictionless shopping experience that combines ease, speed and security. For example, when a customer wants to purchase a gift online, he or she clicks the payment button. A pop-up screen asks him or her to authenticate and confirm the card payment. There, the customer enters a personal password or security code that is verified by the card issuer, typically a bank, and the payment is processed.
DJ: How does 3-D Secure help retailers?
Mennes: By implementing 3-D Secure, merchants can have peace of mind that their customers are secure, as the security protocol reduces the number of fraudulent online activities, such as identity theft and unauthorized card use. Via 3-D Secure, the merchant can check whether a buyer is a legitimate cardholder, meaning the liability shifts from the merchant to the customer’s card issuer. If a fraudster tries to purchase something online during this holiday shopping season, 3-D Secure will prevent it from happening.
DJ: Do you have any other advice for retailers and consumers?
Mennes: Fraudsters don’t take time off during the holidays. In fact, it’s one of their busiest times, as they capitalize on the spikes in transaction volume to try and take advantage of busy shoppers and evade security processes. Last year, nearly a quarter of shoppers experienced an attempt at fraud over the Black Friday/Cyber Monday weekend. Given the increased risk, it’s vital that customers and merchants stay vigilant. By implementing fraud detection technology and complying with regulations, online retailers will be able to stay one step ahead of cyber-criminals and keep their customers safe this holiday shopping season.