The Payments Service Directive is a European regulation aimed at ensuring a wider choice of secure payment services for consumers in EEA countries. First established in 2007 by the European Commission (EC) and the European Banking Authority (EBA), the latest update to the regulation came into full force on December 31, 2020, after initially coming into effect in January 2018.
This updated regulation – now in the roll-out process in multiple countries in the EU – concerns you if you’re a merchant selling online in European countries.
Read on to see what’s changed and what you can do during this shift to ensure a predictable experience for your online shoppers and buyers.
Changes in the Checkout Experience
The new regulation mandates the use of Strong Customer Authentication (SCA) protocols, through EMV 3D Secure implementation (you may know this as 3D Secure 2.0 or 3DS2) for all eCommerce and POS payments initiated by the shopper, unless they qualify for one of the exemptions. In simpler terms, what this means for the merchant is that a lot of their customers will now be subject to an extra validation step in the checkout, one where a second factor is required so that the transaction is authenticated in order to prevent online fraud.
When a user initiates an order with payment on your website, they can now fall into one of two scenarios in terms of the payment experience:
- The frictionless flow, which requires no extra shopper input to authenticate and is similar to how online payments were processed prior to 2021. The shopper just inputs their payment details in the checkout (think credit card number, account holder name, and CVV code), the issuing bank checks that these are all in order in the background, and the shopper is advanced from checkout to thank you page directly.
- The challenge flow, by contrast, makes the user authenticate themselves with an extra step, the 3DS2 verification. You’re probably familiar with how 3DS1 used to work, as that has been around since 2001 – during the online payment process, the user was redirected to a 3D Secure page, where they had to enter a code received on their phone. Back in the day, this extra step could generate checkout drop-off rates between 5 and 15%, so it’s no wonder an update was needed. 3DS2 is similar to its predecessor, but it promises a more seamless authentication process: instead of an SMS text, the user verifies their identity via biometrics in the banking app, fingerprint scan, facial recognition, or a previously known password.
Not all online transactions will be subject to the new challenge flows, however, as there are some for which PSD2 provides exemptions by default, making for a frictionless flow. These include:
- Low-value transactions (€30 is recommended, but this may vary depending on issuer).
- Recurring transactions, such as those for subscriptions where the same amount, same payee, and same cycle have been employed before, and the initial transaction passed 3DS2 verification. According to the PSD2 regulation, Merchant Initiated Transactions (MIT), under which recurring transactions fall, are exempt from strong customer authentication. These types of payments involve a merchant charging previously stored card credentials. Authentication is not required here because the merchant uses the ID of the initial transaction, which was a Customer Initiated Transaction (CIT) and was therefore already authenticated by the user.
- Others, like issuer white-listed transactions, secure corporate payments, or some exemptions made to transactions with a low TRA (Transaction Risk Analysis) score.
It’s important to note that this evolution to the way checkouts work may be met with some apprehension or uncertainty from shoppers in the beginning, leading them to abandon their orders mid-purchase.
2Checkout platform capabilities make the switch to PSD2 seamless
As a payments service provider, 2Checkout balances your customers’ expectations for a seamless checkout experience with your needs as a merchant to comply with regulations set by European bodies and enforced by issuers. We have been updating and refining our systems for PSD2 compliance since 2018, and our platform now boasts features that can help you weather this shifting landscape with minimal impact.
Here are the main PSD2-compliant capabilities and updates you benefit from as a 2Checkout client:
Updated 3D Secure Flows
We’ve updated our checkout flows for EEA countries so that these trigger 3DS2 for Cardholder Initiated Transactions which do not fall under the exemptions listed above. So, after the shopper initiates a payment, our systems will check if the payment method is enrolled in 3DS2. If it is, the platform then checks if the frictionless flow is possible. If the conditions are met, the frictionless route is served, with no authentication required. Otherwise, the shopper will go through the 3DS2 verification and redirect (card issuer’s page/app).
We have also put in place fallbacks to 3D Secure 1, should 3DS2 not be available. If the shopper’s card is not enrolled in 3DS2, a 3DS1 verification (card issuer’s page/app) is attempted.
Curious to see a 3DS2 flow in action? Watch our Biometrics in payments webinar for some nice examples.
Although they challenge shoppers to take an extra step, 3DS flows have been shown to be very lucrative for merchants, who can benefit from advantages such as:
- Increased authorization rates
- Better fraud protection (risky transactions are better churned)
- Fewer chargebacks
Updated Exemptions Management
To ensure all valid cases are exempted from 3DS verification, we’ve updated our exemption management rules. The payment scenarios that involve low-value or low-risk transactions, trusted beneficiaries, or recurring transactions benefit from frictionless flows.
It is worth noting that for low-risk transactions to qualify for a frictionless flow, the issuing bank must also approve this flow. If the issuing bank considers the transaction risky, it may still trigger the 3DS2 flow, in spite of requests from you or 2Checkout. To prevent this, share as much shopper information as possible with 2Checkout to share with the bank, perhaps even more than what’s labeled mandatory.
Recurring transactions made for the same amount, to the same payee, and same cycle, as well as Merchant Initiated Transactions, are outside the scope of SCA and do not require 3DS2 checks.
To manage these and other exemptions, 2Checkout ordering engines use up-to-date Bank Identification Number (BIN) databases to identify issuers outside the EEA or anonymous card transactions. What’s more, our exemption management rules are under a continuous review and optimization process.
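The 3D Secure flow and exemption rules described above can be read as one routing decision. The sketch below is an added example, not 2Checkout's code: the `Payment` fields, the `route` function and the flow labels are hypothetical, and treating non-EEA issuers as out of scope is an assumption based on the BIN check mentioned above.

```python
from dataclasses import dataclass

LOW_VALUE_LIMIT_EUR = 30.0  # recommended limit from the text; issuers may differ


@dataclass
class Payment:
    """Hypothetical view of one payment as the ordering engine sees it."""
    amount_eur: float
    merchant_initiated: bool = False       # MIT, e.g. a subscription renewal
    issuer_in_eea: bool = True             # result of a BIN lookup
    enrolled_3ds2: bool = True
    trusted_beneficiary: bool = False      # issuer white-listed merchant
    low_risk: bool = False                 # low TRA score
    issuer_accepts_exemption: bool = True  # the issuing bank has the final say


def requested_exemption(p):
    """Return the exemption a cardholder-initiated payment can claim, or None."""
    if p.amount_eur <= LOW_VALUE_LIMIT_EUR:
        return "low_value"
    if p.trusted_beneficiary:
        return "trusted_beneficiary"
    if p.low_risk:
        return "low_risk"
    return None


def route(p):
    """Return (flow, reason) for one payment."""
    if p.merchant_initiated:
        return ("no_sca", "merchant initiated transaction")
    if not p.issuer_in_eea:
        # Assumption: issuers outside the EEA are treated as out of scope.
        return ("no_sca", "issuer outside EEA")
    if not p.enrolled_3ds2:
        return ("3ds1", "card not enrolled in 3DS2")
    exemption = requested_exemption(p)
    if exemption is None:
        return ("challenge", "no exemption applies")
    if not p.issuer_accepts_exemption:
        # The issuer may still trigger 3DS2 despite the exemption request.
        return ("challenge", "issuer declined " + exemption)
    return ("frictionless", exemption)


if __name__ == "__main__":
    # Constructed sample payments, not real transaction data.
    for p in (Payment(12.0), Payment(120.0),
              Payment(120.0, low_risk=True, issuer_accepts_exemption=False)):
        print(p.amount_eur, route(p))
```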
Update to Dunning Flows
Dunning is the process of managing communication with a client when a payment fails, in order to collect the due revenue. Because the new challenge flows can lead to customers not finalizing a payment, it is important to have these dunning campaigns in place for transactions that go through SCA flows.
2Checkout has implemented dedicated dunning emails in our platform for recurring payments, and templates are available to be set up for other types of payments. You can activate dunning from your 2Checkout control panel.
It is important that your dunning emails inform the client about the new authentication process and why the payment failed the first time around, and also include the checkout link where they can re-try the transaction.
Extra Capabilities Available on the 2Checkout Platform
The 2Checkout platform gives you access to a lot of other built-in features that may prove to be lucrative while PSD2 rolls out in European countries. You can quickly take advantage of these from the 2Checkout control panel, where they can be easily customized.
Activate alternative payment methods in your checkout
We’ve been working to activate diverse payment method options in your checkouts for years, but 2021 is an even better year to give your customers the option of alternative payment methods. As PSD2 doubles down on security for online payments, alternative payment methods find themselves at a better advantage versus the traditional card because they were designed with SCA compliance in mind.
Methods like iDEAL in the Netherlands, Bancontact in Belgium, or even PayPal globally are products of modern times and their flows already include additional user verification that is SCA-compliant. What’s more, shoppers are already accustomed to how they authenticate a purchase in Apple Pay, for example, unlike the new card authentication, which is a novelty for many. The 2Checkout platform supports more than 45 different payment methods, many of these being alternative payment methods, so you can activate those that your market prefers and have an alternative to cards on hand in the checkout.
Use lead management campaigns for abandoned carts and unfinished payments
Lead management campaigns are a smart way to reduce customer churn and recover your orders via follow-up emails sent to users. These are available in the 2Checkout platform for catalog products. You can send:
- Email follow-ups to customers with unfinished payments. If the payment fails, as in the case where the user doesn’t pass authentication the first time due to a challenge flow, you can set a rule that the customer receives an email about the payment within an hour or two, to avoid losing the prospect entirely.
- Email follow-ups and promotional follow-ups for abandoned carts or free trial users. For users who willingly abandon a cart or who’ve tried a free trial with you, you can even include a promotional offering in your follow-up email, to make it more enticing to return to shop.
Activate auto-renewal campaigns for subscribers
If your subscribers were not already using automatic renewals, the enforcement of PSD2 gives you a good opportunity to simplify their lives and recommend enrolling in auto-renewals. With automatic renewals enabled, your users no longer have to go through the periodic SCA authentications, making for a more efficient process overall. You can even offer discounts with these campaigns through the 2Checkout platform.
Our data shows that 40% of users who enter auto-renewal campaigns end up enabling automatic renewal in time. Explore the option for yourself!
Understand and conquer friction with analytics
To better understand user needs and their payment experience, merchants need to keep a close eye on their analytics data. This way they can observe any possible hurdles brought on by the new challenge flows and take proactive measures to correct these.
The 2Checkout dashboard includes a comprehensive reporting section, where you can generate out-of-the-box or custom reports which will illustrate how the payment experience is going for your site users. Look for reports on order statistics, churn prevention, enrollment metrics, and authorization reports for subscriptions, to get a feel for how PSD2 has impacted the payment experience for shoppers in EEA countries. In case you uncover friction, consider employing the tactics listed above to optimize the experience for your customers.
Conclusion
In spite of the lengthier process that PSD2 currently requires of online shoppers, the new European regulations are a step forward in securing payments for merchants and consumers; we expect they will be a model for other financial regulatory bodies around the world. Under the new regulations, both parties in an online eCommerce payment will be better protected against fraud and they may even benefit from more competitive pricing from banks and issuers down the line, as competition intensifies.
2Checkout is committed to offering merchants security and compliance for all transactions, while maintaining a pleasant shopper experience on the other end. We will continue updating our ordering engines, capabilities, and exemption rules as more countries and issuers implement SCA flows, so be sure to check back for updates.
Want to learn more about this? Make sure you read all our resources on the topic and FAQs on the 2Checkout dedicated PSD2 landing page.