As e-commerce continues to grow by leaps and bounds, the Payment Services Directive 2 (PSD2), particularly its section on strong authentication, aims to enhance online payment security and the fight against fraud. After a gradual implementation in the requirement for strong authentication, the regulatory timetable is coming to an end in most European countries. Authentication is therefore now required for all transactions (with some exemptions and transactions outside the scope of Regulatory Technical Standards (RTS)).
An incomplete understanding of the workings of this new regulation may have a negative impact on your business. Also, the PSD2 introduced the 3D Secure v2 (3DS v2) protocol, a new version of 3D Secure v1 – a security protocol designed to tackle money laundering and bank fraud
in online transactions. It became mandatory for merchants in France from 15 May 2021, although a transition period has been planned up until 2022 during which 3DS v1 and 3DS v2 can coexist. Whether you have migrated to the new version of the security protocol or not, you must anticipate the actions required to maintain a smooth customer journey.
What to do if you still work with 3DS v1
With the use of 3DS v1, you keep control over authentication triggers. If you decide not to trigger a 3DS for a transaction, you risk a refusal by the issuer: the soft decline. However, you can re-attempt it in 3DS to comply with regulations and issuers, thanks to a technology known as the “retry”.
This is a crucial mechanism because it makes it possible to retry the transaction in a way that is invisible to the customer. It’s all about performance. Although the use of 3DS v1 is accepted until October 2022 in France, timing matters when it comes to migrating to 3DS v2. Are you experiencing an increasing number of soft declines, and is this affecting your turnover? Migrate to 3DS v2 and take advantage of the exemptions without further delay.
What to do if you work with 3DS v2
You can apply for the exemptions. In addition to the model of subscriptions and other recurring payments, there are two main exemptions available to you: small amounts (<€30) and transaction risk analysis (TRA). Depending on your business and your sector, you may see a significant share of transactions <€30 and therefore the “small amounts” exemption may be an opportunity. But this bracket attracts the most fraudsters, and the exemption is dedicated to specific conditions of use (in terms of number of transactions and overall amount). Performing a risk analysis for each transaction turns out to be the most effective solution.
Appropriately categorise your transactions to optimise the frictionless flow
Do you get numerous refusals from issuersto your requests for frictionless? Analyse how your transactions are sent, and your return codes. Are the requests for exemptions well conveyed and, above all, justified? If you are the initiator of the transaction, for example the case of a payment in several instalments, you must label it as such: “Merchant Initiative Transaction”. Issuer responses help you understand why a transaction failed. Here are a few examples:
- Transaction declined by the banking
- network
- 3DSecure authentication failed
- Strong customer authentication
- required by issuer
- Exchange protocol failure
- Fraud suspicion
- Card not enrolled or 3-D secure
- unavailable
- etc.
Dalenys has launched his Fraud Premium solution, to help secure your payments and boost your conversion. Work out how much you could be making with our Fraud Premium solution now !
Download our white paper and discover our 5 keys levers for the performance of your online payment