PSD2 Explained for eCommerce Merchants: The Benefits & How to Prepare
June 18, 2019
LiveArea’s Senior Technology Architect Richard Mathias discusses the impacts of PSD2 on eCommerce businesses, and how they can embrace the changes it brings
What is PSD2?
PSD2 – the second Payment Services Directive – is an EU directive scheduled to be enforced on 14 September 2019, setting a standard for fraud prevention and transparent online payments across the EU.
The key differences will be in surcharges and Strong Customer Authentication.
Surcharging of all B2C transactions will be banned, meaning merchants can no longer charge extra fees to consumers for paying by credit card, or via SEPA (cross-border Euro bank transfer), for instance. We will focus on B2C transactions in this article (B2B transactions are still liable to surcharges).
Strong Customer Authentication
PSD2 will promote Strong Customer Authentication (SCA) by enforcing two-factor authentication.
Two-factor authentication is expected to reduce fraudulent transactions online. Practically, this means asking the customer to provide two of the following:
- Something they know: Card details, a static password, PIN, security question
- Something they own: A one-time password (OTP) sent to a registered device, an on-screen QR code to be scanned by a registered device
- Something they are: A biometric feature, such as fingerprint, face or iris recognition
Open banking, AISPs & PISPs
PSD2 will essentially promote an open banking model. This requires banks to open APIs to third party providers for access to customers’ accounts, to gather and manage customer consent to third party access, and to implement SCA.
Open banking will be supported by two categories of third party providers: payment initiation service providers (PISPs) and account information service providers (AISPs). Two-factor authentication will be needed for both services.
Open banking requires banks to publish APIs so that merchants can, with the account holder’s permission, access a customer’s bank account. For merchants, PISPs will be able to receive payment without other third parties needing to be involved, streamlining the backend payment process.
For example, a merchant such as Amazon may currently accept a card payment through a third party. Using a card provider’s backend, it pulls funds from a customer’s bank account.
With PSD2, Amazon can provide the customer a button to approve access to their bank account. The customer doesn’t give Amazon account credentials, but is directed to a bank login on the first occasion. The next time the customer shops, Amazon remembers the connection, and provides instant checkout.
While PISPs will be used to initiate payments, AISPs will consolidate consumers’ information. AISPs will ask for permission to connect to a consumer’s bank account(s) and use their information to collect data insights and provide a service. AISPs are authorised ‘read-only’ access of bank account information – they can see payments and movements, but can’t access money or initiate payments.
What are the benefits of PSD2 for eCommerce merchants?
SCA is expected to add new layers to the front end of checkouts, which adds friction to customer journeys. This will have eCommerce managers worried about conversion rates. In addition, there may also be a plethora of new payment providers to integrate at checkout. However, there are some benefits.
Making online purchases more secure reduces potential chargebacks for businesses. These charges come when customers fall victim to fraudulent activity on retailers’ sites. Also, a reduction in fraud will help build trust and loyalty. Just think, even if a fraudulent transaction is carried out by a third party via a retailer’s site, it’s unlikely the customer will ever trust that site again.
PSD2 regulations force retailers and payment providers to innovate and cause significant disruption in other payment areas. Disruption always comes with opportunities, and new challenger companies looking to undermine the status quo and utilise technology in new ways. Think consumer credit, international payments, subscriptions, and speedy purchase. As we’ve seen with emergence of Monzo, Revolut, and Starling, disruption benefits those that are willing to push the boundaries.
There’s the opportunity for merchants and fintechs to become trusted payment providers. Alongside the usual players (cards, PayPal, Apple Pay etc.), the likes of Amazon Pay could take advantage of the opportunity to offer their payment service on other sites. If the customer is a regular Amazon user and sees the Amazon Pay option on another retailer’s site, it’s likely they will see this as a quick and secure option at checkout.
It might not be too long until we see ASOS, Tesco, or Carrefour payment options alongside Google, Apple, and Amazon buttons at checkout.
How should eCommerce merchants prepare for PSD2?
While PSD2 will undoubtedly have a large impact on the way eCommerce companies operate, a flexible approach will help minimise impact on the buyer journey, whilst maintaining compliance in the process.
Removal of surcharges
Once businesses can no longer implement surcharges on certain transactions, they have two options: either swallow the cost or pass it on to customers in other ways, the most common will likely be raised prices. So, PSD2 in this context will likely have a short-term impact on the profit margins of businesses – particularly small businesses – in the longer term it may incentivise them to find cheaper ways for their customers to pay.
But these changes should drive innovation in payments that will eventually reduce costs. Some European banks have launched apps which allow payments to people and businesses directly from accounts, bypassing the credit card networks such as Visa and MasterCard and debit card systems. Barclays’ Pingit in the UK, DNB’s Vipps in Norway and ING’s Payconiq in Belgium are examples.
To mitigate the impact that SCA has on online sales, businesses should focus on an open strategy. The truth is that the implications of SCA are numerous and nuanced. Brands need to keep options open across all platforms until they have the data to show which is the most efficient and seamless, and consider the following along the way:
Analytics – Retailers should be tagging all clicks and payment actions (where possible) to better understand user behaviour and optimise the payment process. Analytics should be used at every point of the customer journey to understand the impact of each decision, and keep the focus on improving conversion and reducing dropout.
Progressive rollout – The focus for eCommerce companies should always be to find ways of keeping the payment process smooth and minimising negative effects of change. Rather than rushing to introduce lots of measures at once, businesses should plan a progressive rollout of technologies to meet regulatory compliance, with an emphasis on keeping changes to the payment flow smooth and signposted to customers.
Communicate – Copy, callouts, even emails can be used to let the customer know how, and when, important aspects of the flow will change, so that they’re not too jarring when they do arrive. Elsewhere, offering additional payment methods with two-factor authentication already built into the buyer journey, such as Apple Pay or PayPal, sooner rather than later, will allow for a seamless authentication process.
Stay up-to-date – Businesses should check whether they are using the current version of a payment provider’s integration tooling, as this will invariably require an upgrade for PSD2. Those lagging behind on old versions of the tooling may find that the effort to upgrade will be greater than expected.
Which payment methods should merchants be offering for PSD2?
To comply with PSD2 and accept payments after September 14, eCommerce merchants should ensure their online stores accept payments through updated technical solutions put in place by existing payment service providers. Expect all current payment service providers to develop new solutions in time for PSD2. Visa and Mastercard, for instance, are rolling out new security solutions for 3D secure payments in time for PSD2.
But there’s really no silver bullet in terms of exactly which additional payment options should be offered at checkout. Whilst retailers should obviously provide a choice for customers to make sure they convert, it’s possible that too many buttons and payment options may cause confusion at checkout. Merchants selling internationally also need to consider local payment methods – think iDEAL in the Netherlands, or PostFinance in Switzerland.
Merchants should look out for additional, innovative payment service providers that are likely to be launched before or around the deadline. This is an opportunity for fintechs, larger retailers and banks to think beyond compliance, embrace new business models, and provide new services. Merchants should be agile in adapting to changes in the space.
If retailers can differentiate themselves from competition, this could be a way of fostering customer loyalty. Offering a different payment option – for example, Klarna’s ‘pay later’ option for online payments – could set retailers ahead of competition if they are first movers. Merchants should be open to partnering with new, disruptive payment providers such as Klarna, Adyen, and Stripe.
Richard Mathias, Senior Technology Architect, LiveArea EMEA
Richard started his career at British Steel in Port Talbot, and is an experienced IT and commerce professional, having previously worked in strategy, consulting, technology and operations services provision. Richard specialises in bringing people, process, technology and innovation together to help B2C and B2B companies achieve measurable success.