PSD2: How Will New Regulations Affect Retailers?

In September 2019 new rules will be implemented by the European Commission to improve online payment security and ease-of-use for consumers. But how will these affect retailers? Staff Writer Hannah Stevenson discusses.

New PSD2 regulations aim to support clients across Europe and offer safer, easier online payment options.

These new regulations seek to modernise Europe’s payment services to the benefit of both consumers and businesses, so as to keep pace with this rapidly evolving market. They include the prohibition of surcharging, introducing new methods of verification and opening the European payment market to companies offering payment services, based on them gaining access to information about the payment account.

Whilst these regulations offer reduced hassle for spenders, they also come with stringent anti-fraud stipulations, which could potentially cause havoc for retailers, as Rene Hendrikse, EMEA MD of Mitek comments.

“Despite better deals, access to new products and services, and better control over their money, there is a dark side to open banking – the potential for fraud will grow exponentially. To tackle this, the regulator has introduced ramped up identity checks, with the addition of rules around ‘strong customer authentication’ (SCA) coming into force in September. But recent warnings from e-commerce groups suggest online retailers may not be able to process online transactions – and could miss out on billions in sales as a result.

“Sooner rather than later, retailers must recognise the need to invest in anti-fraud technologies. With the new anti-fraud rules, every customer will have to be authenticated by at least two of the following criteria: something they have, something they are, and something only they know. Come September, this will be necessary for every online transaction. This could include an ID document, a biometric identifier, and a security question, going beyond simply your card details as is the current standard. This introduces an additional layer of security to defend against the threat of fraud from online transactions – but it also presents a challenge for organisations to implement with only months to go.

“Online retailers must focus on putting the technology in place to be able to verify customer identities in line with PSD2. Regtech, technology that helps achieve regulatory compliance, will play a more important role than ever before. For example, identity verification technology handles the “are” and “have” of SCA, by verifying an ID document against a selfie. AI-driven anti-fraud technologies will be crucial to monitoring for and stopping fraud when it occurs.

“Within the next few months, investing in the right technologies and implementing them quickly and efficiently should be top of the agenda for retailers and e-commerce groups. If not, they will find themselves in serious trouble.”

Andy Cory, identity management services lead, KCOM, added that whilst the ideas may be good, they were going to cause issues for those looking to implement them.

“It’s not surprising that retailers and banks alike are voicing concern over the oncoming PSD2 online transaction deadline. The depth and complexity of both the infrastructure and the integration between platforms that are required to make confirming to the standards a reality mean that many companies simply aren’t ready.

“For customers to validate online purchases with biometrics or code entry, retailers and other third-party providers have to integrate their systems with multiple financial institutions and multiple endpoints. If that sounds complicated, it’s because it is.

“It’s essential that organisations have a granular plan for the whole process of integration. Retailers need to take the time to identify exactly what’s going to be required, where and how new APIs need to be both developed and consumed, and how the project will progress from start to finish. Effective planning is essential for a successful PSD2 integration project.

“The bottom line, though, is that many retailers and service providers just don’t have the expertise to put these regulatory requirements into place. In the digital age, we’re told that ‘all companies are tech companies’, but in reality, that’s not the case. Instead, retailers and service providers need to work with the right technology partners to ensure a smooth journey to compliance.

“By working with an integration expert that fully understands the complexity of PSD2 and a software vendor that can meet the technical requirements, organisations can minimise the stress and difficulty of integration, while at the same time optimising customer experience. Compliance with this regulation doesn’t have to be an anchor around retailers’ necks – they just need to work with the right partner.”

Overall, companies and consumers alike need to make sure they fully understand these new regulations, and firms need to make sure they are working with trusted technology partners to amend their infrastructure as required.