Report concludes companies are unprepared for PSD2 and stricter requirements in the EU will drive fraud to other regions
PORTLAND, Ore. and Amsterdam, March 13, 2019 -- iovation, a TransUnion company, today announced the immediate availability of a report it developed with research and advisory firm Aite Group entitled, “PSD2: Advent of the new payments market in Europe.” The report includes original research and analyzes the consequences for the global online payments market around the revised Payment Services Directive (PSD2). By September 2019 payment service providers in the European Economic Area (EEA) have to comply with the directive's requirements for strong customer authentication (SCA) and third party access to bank accounts or risk getting their payment provider license revoked.
The report concludes the stricter requirements for fraud prevention in the EU will drive fraud to other regions such as the U.S. It also finds that most companies are unprepared for PSD2. In fact, a recent study by Mastercard found that only 25 percent of European online merchants are aware of SCA requirements under PSD2, 14 percent already support SCA, 28 percent mentioned they will be SCA ready by September 2019 and 24 percent have no plans to support SCA. Since companies providing payment services in the EEA are subject to the regulation, even businesses with headquarters outside Europe might need to comply.
“The zeitgeist of regulations with extra territorial effect like GDPR continues with PSD2. This will have long-standing operational implications to companies wherever they are based,” said iovation Compliance Manager, Mark Weston. “The merchants that succeed post PSD2 will be those that make consumer authentication as effortless as possible through methods like ‘invisible’ device-based authentication and biometrics. And with the likes of Facebook and Google becoming payment processors, merchants are going to have to compete with an ever widening marketplace.”
PSD2 will bring two major changes:
- Strong customer authentication: Payment service providers must apply two or more (multifactor) authentication methods for all electronic transactions unless such transactions qualify as "low risk."
- Third party access to payment accounts: Banks, card issuers and other financial institutions holding payment accounts must provide access to third-party payment service providers for the following services:
- Account information services like balance and transaction information
- Initiating payments directly from customer's bank accounts
- Availability of funds check to see if there are sufficient funds on the cardholder's bank account
“PSD2 changes the rules of the game for the global payment industry and is based on some of the same principles that constituted GDPR, enforcing consumer protection and security requirements on companies operating in the EU,” said Aite Group Senior Analyst, Ron van Wezel. “Varying choices in the implementation of the SCA requirements on a country and individual bank level, differences in interpretation of the directive, and different timelines may create confusion that merchants have to navigate. Businesses should be sprinting to get their house in order.”
The report is a joint Aite and iovation analysis of hundreds of pieces of secondary research coupled with about two dozen extensive interviews. Aite conducted those interviews between November 2018 and January 2019 with payment executives from banks and other payment providers.
For more details about the report findings, attend one of two webinars on Thursday, March 14: PSD2: The Advent of The New Payments Market in Europe.
About Aite Group
Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on business, technology, and regulatory issues and their impact on the financial services industry. With expertise in banking, payments, insurance, wealth management, and the capital markets, we guide financial institutions, technology providers, and consulting firms worldwide. We partner with our clients, revealing their blind spots and delivering insights to make their businesses smarter and stronger. Visit us on the web and connect with us on Twitter and LinkedIn.
iovation, a TransUnion Company, was founded with a simple guiding mission: to make the Internet a safer place for people to conduct business. Since 2004, the company has been delivering against that goal, helping brands protect and engage their customers, and keeping them secure in the complex digital world. Armed with the world’s largest and most precise database of reputation insights and cryptographically secure multifactor authentication methods, iovation safeguards tens of millions of digital transactions each day.