The EU’s Payment Services Directive 2 (PSD2) regulation has been looming on the horizon since November 2015. The regulation sets out that all online transactions over the value of €30 will require stronger authentication than they currently do.
In practical terms this means that as a minimum, two-factor authentication (2FA) must be implemented across all these purchases – writes Nabeel Saeed, Senior Product Marketing Manager at Twilio.
This notably now includes purchases made on mobile, and with the percentage of e-commerce sales made on mobile predicted to reach 72.9% by 2021, mobile-friendly methods of achieving this are going to be a key consideration for retailers.
With the final deadline of 14th September 2019 less than six months away, businesses are fully realising the impact it will have – and they need to be prepared. There is no doubt that 2FA adds a welcome additional level of security for users.
However, the downside of this is that it also adds a new level of complexity into the user experience of online shopping. Retailers now need to take a step back and assess how they can balance security, scale and customer experience in light of this new challenge.
Who does PSD2 apply to?
According to the payment directive, those businesses ‘completing a payment in the EU’ are those who will have to comply. This doesn’t simply apply to organisations operating within the European Union; it also means that any business with customers who are EU-based will need to abide by PSD2 for those customers.
This means that if your business is based in the US, but a customer is making a transaction from the UK, that transaction will need to comply with the regulation. This also applies to any retailers selling products from EU locations into places further afield, including the US, Asia and Africa.
In short, billions of transactions will be affected.
How will stronger authentication take shape?
“One-click” shopping and Click and Collect have up until now been a big play for e-commerce, making online purchases as simple as the click of a button. But by its very definition, the new regulations will change the one-click landscape – at least for purchases over €30.
The new regulation means that larger transactions must have Strong Customer Authentication (SCA) at the point of purchase, which at a minimum means that 2FA has to be used.
Customers will need to enter a code received separately via text, email, phone call or app notification when making a purchase. In many ways this will hamper the shopping experience, in turn potentially making customers more likely to question their purchases.
Adding another layer of complication to this is the PSD2 requirement for dynamic linking. Each transaction must have a unique authentication code that is specific to the transaction amount and recipient, and this must be made clear to the customer at the point of payment.
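The dynamic-linking requirement described above can be sketched as follows. This is an added example, not code from the article or from any payment provider: the function names, the in-memory `Challenges` store and the HMAC construction with RFC 4226-style truncation are assumptions chosen for illustration.

```python
import hmac, hashlib, secrets, struct

def _canonical(amount_minor: int, currency: str, payee: str, nonce: bytes) -> bytes:
    # Length-prefix every field so ("AB", "C") and ("A", "BC") cannot collide.
    parts = [str(amount_minor).encode(), currency.upper().encode(),
             payee.encode("utf-8"), nonce]
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def transaction_code(key: bytes, amount_minor: int, currency: str,
                     payee: str, nonce: bytes, digits: int = 6) -> str:
    """Derive a short code bound to this amount, payee and per-challenge nonce."""
    mac = hmac.new(key, _canonical(amount_minor, currency, payee, nonce),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226-style dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Challenges:
    """Hypothetical in-memory store; a real one needs persistence and expiry."""
    def __init__(self, key: bytes):
        self._key, self._pending = key, {}

    def issue(self, tx_id, amount_minor, currency, payee):
        nonce = secrets.token_bytes(16)          # fresh nonce makes every code unique
        self._pending[tx_id] = nonce
        code = transaction_code(self._key, amount_minor, currency, payee, nonce)
        # The message shown to the customer names the amount and payee approved.
        return code, f"Code {code} approves {amount_minor / 100:.2f} {currency} to {payee}"

    def verify(self, tx_id, amount_minor, currency, payee, submitted):
        # amount/payee here are the values about to be executed, not the ones shown.
        nonce = self._pending.pop(tx_id, None)   # single use: consumed on first attempt
        if nonce is None:
            return False
        expected = transaction_code(self._key, amount_minor, currency, payee, nonce)
        return hmac.compare_digest(expected, submitted)
```

Because the code is recomputed from the amount and payee actually being executed, a transaction altered after the customer approved it no longer matches the code they entered.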
This is not to say that this regulation will be difficult to implement. Many services exist already to enable retailers to integrate improved security measures into their businesses. APIs make this relatively easy.
There are then a number of options for retailers to choose from – from app-based push authentication, to one-time codes sent to the user’s mobile via SMS. Time-based, one-time passcodes can be a good option, as they require neither an internet nor a mobile connection for authentication.
The key question is which of these methods best suits individual retailers – and which provides the best user experience?
Choosing the best method for your customer
The need for SCA will undoubtedly change the default customer experience when making payments online and on mobile. However, there are still options available that limit the intrusiveness of the transaction, even with the need for an additional step in the process.
Financial services companies, for instance, have long been using authentication methods built into their applications as a means to prevent fraud. The push authentication method means that only a simple touch is required from the user to approve or deny a transaction, and the experience is therefore intuitive and simple. Retailers should take their lead from this customer-centric approach.
Better still, forward-thinking companies should look at ways of simplifying the whole process of online and mobile payments, bearing in mind both the incoming regulations and the possibility of future rulings. Legislation like this shouldn’t be seen just as a barrier, but rather as an opportunity for new ways of working.
Ultimately, the continued growth of e-commerce both online and on mobile devices remains assured, but the way in which this takes shape may change as legislators take more notice of how this shifting landscape provides opportunity for fraud.
Retailers need to ensure they are being compliant, while proactively and thoughtfully managing their customer experience, to make sure that a seamless e-commerce experience is still possible.
The post How e-commerce will be shaken up by EU PSD2 in 2019 appeared first on Payments Cards & Mobile.