Byline from Pierre-Antoine Vacheron, CEO Natixis Payments
Most of us are already familiar with strong customer authentication for our online payments or when banking online, but the industry had demonstrated ever increasing creativity to enable still seamless customer journey, one-click payments, or no-click payments, on the back of advanced fraud engines, at least for high street merchants.
Enforcement of the second European payment services directive, or PSD2 is undoubtedly reshuffling the cards. This new regulation aims at securing online payment while also enhancing consumer protection, through Strong customer authentication, and while this particular aspect of the directive may seem innocuous when compared to the other components of PSD2 – such as opening the market to new participants – it is worth taking a closer look.
As of September 14, 2019, all online payments of more than €30 will have to use strong customer authentication. In practical terms, this means that European consumers will enter their credit/debit card details online and then have to confirm their purchases notably via a code received by text message, complying with the 3D Secure protocol, which is the most frequently used e-commerce security mechanism.
Will e-commerce be a victim of PSD2?
Strong customer authentication is obviously not a particularly easy user experience: it severely cuts back fraud, but it creates friction and lengthens the purchase time. Risks are high to reduce the number of customers who take their cart right to the end of the purchase process, as some consumers abandon their transactions when the purchase experience is too complicated. Systematic use of the 3D Secure protocol could potentially cause e-commerce companies to lose a hefty portion of their online sales.
However, the directive does provide for ways to avoid strong customer authentication by conducting transaction risk analysis and using information on the overall fraud rate observed.
The decision to use strong customer authentication is also a hefty challenge for issuers and issuing banks, as they decide exactly how they want to protect their consumers, their liability and their online transactions. Some market participants can take a zero risk approach and decide to apply these security measures on a permanent basis to ward off fraud, but there is a danger that they will rile their most active clients. Others will use their own risk analysis to decide whether to apply the strong customer authentication protocol or not.
Safeguarding consumer journey and e-commerce merchants revenue
Here at Natixis Payments, we support constructive dialogue between merchants and banks and issuing players, and encourage carefully-considered application of strong customer authentication by using our own expertise and a detailed analysis of risks. By taking this approach, we can safeguard both e-commerce companies’ business and consumers’ purchase experience. We have already taken a number of steps that will be key for the future i.e. risk analysis, implementation of the new 3DSv2 version of the 3D Secure protocol at Dalenys and Payplug, all-round supervision of transactions, etc.
We are well prepared to support merchants with selective strong customer authentication and are also working on implementing another system outlined in the directive to simplify the purchase experience and support our e-commerce company clients . Our Caisse d’Epargne and Banque Populaire consumers will be in a position to draw up a list of trusted e-commerce beneficiaries to avoid systematic strong customer authentication for their regular purchases.
Taking an omni payments approach
Right at the very center of this new PSD2 regulatory framework, we are also developing an omni payments strategy to offer the same value beyond card payments, in an ecosystem that tends to be increasingly diversified in the way consumers want to pay online.
Natixis Payments is able to skillfully manage our clients’ risks and provide a smooth and secure purchase experience on the back of our Dalenys and Payplug edge in combating fraud and as a result of our issuing capabilities within Groupe BPCE and through our S-MONEY platform.
Happy to meet @ M2020 in Amsterdam (3-5 June 2019) with our experts from @Natixis Payments and @Dalenys.