PSD2 in the UK: the Impact on Fraud and Revenues to Date

  • Galit Shani-Michel, VP of Payments at Forter

  • 28.06.2023 11:00 am
  • #fraud

In March 2022, the UK implemented the final piece of the second Payment Services Directive (PSD2), requiring customer-initiated payment transactions to be subjected to strong customer authentication (SCA), via a new method, such as two-factor authentication (2FA). PSD2 is designed to protect customers in the digital payment ecosystem from fraud, in particular Card Not Present (CNP) fraud, which has historically constituted the lion’s share of card-related theft – amounting to an estimated EUR 1.5 billion in 2019. 

However, it also introduces extra friction into the payment process. This can result in lost revenue, as customers fail to complete transactions for a variety of reasons. 

Additionally, not all fraud is prevented by SCA, as fraudsters continuously develop new ways to circumvent 2FA. Thus, there is a balance to be struck between protecting customers and safeguarding revenue.

Now, eight months after full implementation, we have sufficient data from the UK and other major retail markets in Europe to learn what impact PSD2 is having on ecommerce fraud and revenues. The picture is mixed, to say the least, with key findings showing that:

Lost revenues are significant

Forter’s analysis shows that, across the UK, Germany, France, Spain, and Italy, merchants are missing out on up to 8-10% of revenue as a result of SCA being applied using 3D-Secure (3DS).

In the UK, in cases where SCA has been applied using 3DS to transactions of any amount, only 79% of transactions are completed. Eight percent are abandoned by the customer, 11% fail due to the customer entering incorrect details, and 2% experience a technical issue that prevents the transaction from succeeding. This means that merchants are losing more than 20% of transactions every time 3DS is applied. Considering that in the UK 3DS is applied to 10% of transactions, on average, this can seriously impact revenue.

Mobile 3DS failure rates exceed web-based failures

Mobile commerce is rapidly catching up with its desktop counterpart. 15% of total retail sales were conducted through a mobile phone in 2021 – but challenges remain. Consumers don’t like typing on tiny screens, and having to enter data multiple times adds unwelcome friction. Merchants and PSPs are working hard to overcome this by storing key information such as logins, delivery addresses, and payment data to autofill forms, wherever possible.

However, these efforts can become challenging and frustrating when it comes to the application of 3DS, and that’s reflected in our findings: while 81% of transactions subjected to 3DS via the web were successful, that figure drops to 72% on mobiles. This disparity existed across all regions to different extents, with almost a 13% drop in 3DS success between web and mobile in Germany.

Clearly, merchants and 3DS providers must collaborate to optimise the customer experience on mobiles, so merchants can successfully make the transition from ecommerce to m-commerce and avoid leaving revenue on the table. Implementing effective Transaction Risk Analysis (TRA) and working with multiple PSPs so exemptions can be requested wherever possible is a key route to reducing friction, and one that should be a priority for businesses to reduce lost revenue. 

The UK has adapted best to PSD2

Among the five biggest European retail markets, the UK has the highest authorisation rate (92%) and completion rate (90%) for 3DS transactions. This compares to an average across the markets of 88% authorisation rate and just an 82% completion rate. It seems that, despite being the last region to fully implement PSD2 – or perhaps because of this – the UK payments ecosystem has adapted best.

UK challenger banks are leading the SCA charge

Looking at the data in detail reveals that UK challenger banks have the highest 3DS success rate, with 87% of all transactions completed successfully. The focus on user experience and seamless service underpinning the challenger bank ethos may explain their success in guiding customers through 3DS challenges. 

What’s the safe and compliant way to optimise revenue?

Given SCA has such a significant impact on transactions, must merchants use it 100% of the time? The simple answer is no; merchants can use TRA exemptions to legally bypass the SCA requirement. This boost to transaction volumes can increase revenue but will also increase the risk of fraud and chargebacks, so it’s important for merchants to use a fraud prevention tool to decide when exemptions should be used. 

PSD2: anti-fraud tool, conversion killer, or both?

PSD2’s SCA requirement undoubtedly adds security to CNP payments, but it also adds friction leading to the loss of legitimate transactions. The above data shows that PSD2 has certainly had a negative effect on conversions, leading to lost revenue and customer frustration at a time when, more than ever, merchants need to strengthen customer relationships and maximise every transaction opportunity.

In terms of fraud, PSD2 may have hardened one fraud vector, but this has only shifted the problem. Forter’s research across Europe has detected a considerable increase in alternative payment method fraud (such as gift cards), which rose 60% in 2021 compared to the pre-PSD2-enforcement period in 2020. We also found a 30% increase in fraud pressure around Item Not Received (INR) tactics. Fraudsters are going elsewhere, and this underlines the need for multi-channel fraud protection, as PSD2 is not a silver bullet.

Nevertheless, consumers are better protected overall, so it is now incumbent on merchants and PSPs to develop smarter ways to provide a seamless customer experience while blocking fraud. And, as challenger banks lead the charge, their legacy counterparts should take a leaf from their ledger to raise the level of user experience and limit the impact of PSD2 on merchant revenues.
