PSD2 was met with great fanfare upon its introduction. A 2013 European Commission memo said expanding the “substantial benefits” of the 2007 Payment Services Directive was the key aim. PSD2 would unify Europe’s payment market, create a level playing field for payment service providers (PSPs), ingrain better consumer protection, reduce payment prices, and impose common technical standards.

For many merchants, reality has failed to meet expectations. In a new Forrester Consulting study commissioned by Riskified, “E-Commerce Fraud Prevention: What Is The Post-PSD2 State Of Play?” among 207 surveyed decision-makers from e-commerce organisations across the EU and the UK,  45% of respondents said their organisations reported that their organisations were either complying with the baseline requirements of PSD2 or still resolving technical issues to be fully compliant. Fraud rates – a key concern for 92% of respondents – remain an issue, with over a third reporting that chargebacks on 3DS-authenticated orders have actually increased since the directive’s introduction.

In addition, the payment partners that merchants sought out to aid with compliance have only piled on additional complexity. 31% of respondents agreed they were locked into using specific tools offered by their payment providers, limiting access to alternatives that could improve conversions. 32% agreed that implementing tools to aid compliance had been more complicated than anticipated. And 34% of respondents shared they are facing limitations when trying to exempt low-risk orders.

Roman Korobkov is a product marketing manager at Riskified and a PSD2 expert. He weighs in on lock-ins, limitations, and how to reach the promised land of boosted conversions and optimised customer experience.

PDS2 promised to tackle fraud and increase uniformity via new authentication processes. What is the reality for merchants and PSPs?

PSD2 authentication does introduce some friction for end-users. But the regulation also provides opportunities for the merchants to work around this friction via exemptions. For example, one of the most popular types of exemptions is called transaction risk analysis (TRA). Orders deemed low-risk can go straight to authorisation without undergoing unnecessary verification steps.

What kinds of limitations have emerged?

The lower the aggregated fraud level of the acquirer is, the more exemptions the acquirer can provide to the merchants. As a result, acquirers are interested in working with low-risk merchants, and low-risk merchants are interested in working with acquirers who can give them more exemptions. However, if an acquirer is limited to €150, for example, orders above €150 cannot be exempted, even if you are a low-risk merchant. It’s technically possible to be flexible regarding who your payment partner is, but it’s a hassle. So, for low-risk merchants, this limitation reduces the opportunity provided by the regulation to exempt more low-risk orders.

Another problem that has emerged – merchants reported being “locked” into specific solution ecosystems stopping them from pursuing alternative ones to evade these limitations. Can you explain this in more detail?

Very often, a merchant working with a payment service provider (PSP) can only use the solutions that this PSP offers, not those outside their ecosystem. PSPs are aiming to optimise payments for all their clients and those wider interests differ frequently from the specific merchant needs. A relevant example here are PSD2 exemption engines sometimes being a part of a package offering. PSPs may distrust third-party recommendations and decisions for their good reasons, however that limits merchants from investing in other solutions that are targeting their business goals more accurately.

What opportunities should merchants be looking for if they can get around these lock-ins and limitations?

Opportunity number one is reconsidering the relationship a merchant has with its PSP. In some cases, merchants don’t receive enough data or they might find it hard to make use of it. Speaking about PSD2, merchants must understand what part of their volume is in the scope of the regulation and what isn’t. If it’s in scope, know how many orders can be exempted from strong customer authentication (SCA), how many orders require SCA, and what happens to these orders afterwards. Answering these questions will help merchants optimise their processes and increase their top line revenue. And those answers need to be used as negotiation tools. Unfortunately, sometimes merchants have to go to their partners, instead of the PSPs proactively looking for those answers and sharing them.

What solutions should merchants consider to address their PSD2 inefficiencies and fully exploit the opportunities?

“Lock-in” means that the merchant can only use the solution provided by a single partner. However, in this specific scenario much more data could be analysed allowing merchants to exempt more transactions, get better user experience and ultimately increase their revenue. To achieve these objectives, they can look to PSP-agnostic PSD2 recommendations provided by fraud prevention and data management platforms. We think that merchants working with multiple PSPs can get the best of it by sharing this data with them and ultimately getting a higher exemption acceptance rate.

How is Riskified helping to address these problems?

It’s vital to allow a merchant the opportunity to exploit the value that other market players can bring. It’s one of the points shared by payments and fraud decision-makers, as detailed in the study. To get more orders approved a high level of trust needs to be established between merchants and their partners. To build this trust, Riskified brings the power of our global network and adds an extra layer of context to every transaction we analyse. With this knowledge, we built an intelligent risk assessment tool to analyse every order before it enters the authentication path. With a high level of accuracy, we can tell if a particular order needs to be exempted, authenticated, or declined. One of our partners, a payment orchestration platform, is sharing these recommendations with their customers. On average, we are able to exempt almost 98% of orders from undergoing SCA.

How would you work with a merchant to create a solution tailored to their needs?

We first need to understand what the current merchant performance in relation to PSD2 in order is to assess how to optimise the payment flow. This means analysing the numbers to determine what volume is in the scope of the regulation and what is out of scope and what is the risk profile. Based on that, we can calculate how many transactions are eligible for exemptions. We must also understand who their existing PSPs are to see if we can start exempting orders above or below certain levels. And optionally, we want to make sure that their payment providers are ready to partner and trust the recommendations that we provide. After that, the process itself is a smooth one. We constantly analyse the data to ensure our decisioning engine works in the most accurate way possible for individual merchants, enabling results to improve consistently over time. For one merchant, we saw an initial uplift during the pilot project, and then three months after the final implementation, they saw a more than 10% boost in the conversion rate.

What is your main tip for merchants struggling to optimise their payment flows in a post-PSD2 world?

To optimise payment flows – generally and under PSD2 – make sure you have identified the areas for optimisation and that you are aware of the opportunities the market has to offer. The wider context fraud intelligence and risk assessment platforms can add it is vital for seeing the real picture behind every order and for building trust within the ecosystem. Suppose we are talking about doing good for merchants, for consumers, and about making their lives easier, at least the part related to payments. In that case, the best approach is a better cooperation within the ecosystem, where fraud prevention, risk intelligence, and payment providers are working together. This will allow merchants to get access to valuable data and context which are so very much needed, and leverage it all in their everyday operations. This will help resolve many issues— for PSD2 and beyond.

To gain more insights on how merchants are seeking to optimise their PSD2 payment flows, overcome obstacles, and gain a competitive advantage, download the study below.