FB pixel

Small businesses face fraud and compliance challenges with PSD2 deadline looming

Small businesses face fraud and compliance challenges with PSD2 deadline looming
 

Small businesses are not ready for the looming PSD2 deadline, Accertify has heard from a number of different sources at industry events and in interactions with merchants, according to the company’s Product Manager James Pinborough. The EBA is due to begin enforcing the new PSD2 rules, which mandate strong customer authentication (SCA) and could drive demand for online biometrics, at the end of calendar 2020, with the UK following three months later.

Accertify has previously argued that the strong customer authentication requirements of PSD2 are the biggest hurdle the regulation poses for merchants.

Changed implementation deadlines and different grace periods may be leading to some confusion, Pinborough tells Biometric Update in an email interview, but the problem goes further.

“Some merchants also do not view PSD2 as their issue and they are relying on their acquirer to manage it,” Pinborough explains. “Whilst the merchant is not regulated by SCA, it is the merchant who will be most impacted by any lost sales. Despite the extension from the regulators merchants are finding it challenging to implement the authentication changes required to support SCA. Deployment of 3DS and enablement is proving slow. Merchants should actively work with their acquirers and not be left out to have their transactions declined by the enforcement dates.”

Asked if a shrinking field of easy targets for fraudsters as the implementation deadline approaches makes strong authentication a fraud security issue even before it becomes a compliance one, Pinborough notes that “fraudsters will always target the weakest link,” and merchants that delay 3DS implementation will be an easier target.

“That is not to say that 3DS will resolve all fraud issues but it does greatly increase the security of the payment. 3DS is a very valuable fraud prevention tool when it is deployed correctly and applied intelligently.”

Pinborough also notes that many retailers will be hoping for major increases in sales volumes towards the end of the year holidays and in post-holiday promotions, which makes it a poor time to launch a new payment strategy.

Accertify has some practical advice for SMB merchants acting quickly to protect their revenues, starting with an analysis of the business to see how they will be impacted by SCA.

“For example, what is their average ticket value?” Pinborough asks. “How does this compare with the SCA thresholds for Transaction Risk Analysis (TRA)? Does the merchant process a high amount of Merchant Initiated Transactions (MITs) which are out of scope? Do they have significant sales from outside the EEA? How are they going to identify these, etc.? Once they have completed this analysis, the next step is to reach out to their acquirer/processor and vendors (such as Accertify) in the market to see who is best placed to assist them. Finally, it is important for merchants to remember that acquirers will want to maintain a very low fraud rate, in order to extract maximum value from the SCA exemptions. This means that merchants with a low fraud rate may have a stronger position when speaking to their acquirer/processor.”

While U.S. businesses are not covered by the regulation just by serving customers in Europe, they are included if accepting cards issued in the European Economic Area at a merchant location, including a website, based in the region. With authentication standards around the world increasing gradually, if unevenly, the opportunity for biometrics providers has already arrived.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events