In 2019, Europe’s Revised Payment Services Directive (PSD2) dominated the conversation around payment regulation. However, there are a number of countries with parallel regulations already in place or in plan.
For example, Australia Pay Network’s CNP Fraud Mitigation Framework was released on 1st July 2019. With similar conditions to PSD2, the framework requires two-factor authentication when a merchant’s fraud rate is above the recommended rate for two consecutive quarters.
Alongside formal directives, EMVCo has released 3D Secure 2.0 authentication method– a significant improvement on its predecessor which will impact the success of authentication.
3D Secure 2.o will be rolled out worldwide throughout 2020 and will impact on the North American e-commerce market. The map covers the regulations and conditions for the major e-commerce markets worldwide.
Background on PSD2
PSD2 is a set of laws and regulations for payment services in the European Union (EU) and the European Economic Area (EEA). PSD2 was passed by the European Banking Authority (EBA) in 2015 and then transposed into local laws later by each country.
The most important aspect for e-commerce merchants is the requirement for Strong Customer Authentication (SCA). In practice, this requires two-factor authentication (3D Secure) on many payments over €30 which start and end in the EEA.
This is a huge change from the current authentication trends – with most merchants authenticating only the riskiest payments. This sudden change in the terms for millions of payments could cost Europe’s online economy millions.
The EBA’s decision to delay the implementation of SCA
Originally, this was due to come into effect on 14 September 2019. However, the EBA has allowed a grace period due to concerns over the impact on the economy and the fact that many merchants and payment providers are not prepared for the change.
The EBA has good intentions, and in some ways, more time to adjust to the new payment conditions is necessary and shows a good understating of the market. But it’s not as clear-cut as that – the EBA has not set a Europe-wide delay or implementation plan but instead has given power to the local regulators to set their own timetables.
This means each national competent authority (NCA) will have its own implementation schedule and there will be a range of different approaches to SCA and 3D Secure across Europe for months, or even years.
How this delay impacts merchants and payment providers
The range in approaches is a massive challenge for merchants and payment providers. It makes the decision about whether to use 3D Secure more difficult, and means each payment has a higher risk of getting declined.
So far, there have been calls for a European-wide harmonised delay and strong indications that the EBA will release a final deadline for compliance in Q4 2019. A final deadline will help give the industry a clear view of how long the uncertainty will last, but we expect some countries to speed up the implementation process ahead of the final date.
Therefore, it’s vital to keep an eye on how different NCAs manage payment authentication and when they will enforce SCA.
The payment regulation map from Ravelin is a great tool which includes up-to-date information on PSD2 implementation for all the countries in the EEA and also includes major online payment conditions and regulations for e-commerce markets globally.
The post Worldwide trends in increasing payment regulation and 3D Secure 2.0 appeared first on Payments Cards & Mobile.