
Enhanced Payment Security and Customer Experience via PSD2

By Enterprise Security Magazine | Friday, November 30, 2018

The global standards for Fintech are founded on creating a trusted and safe space for transacting in a next-generation ecommerce world. To date, there have been no adequate benchmarks for minimum security controls, which has led to significant abuse by fraudsters. Even the most trusted brands in the Fintech world have not been spared. In any new product launch, the balance of customer experience and security is critical, but in several cases fintechs have prioritized chasing user adoption and gaining customer traction. Fraudsters will continue to exploit the security gaps; as such, the balance needs to be redressed, and a strong consortium approach could bring discipline to Fintech.

The standards that existed to protect an ecommerce merchant against fraud were loose and few. 3D Secure was a small attempt to neutralize fraud; however, it never received widespread adoption or success. As a result, merchants frequently needed to step up their own fraud operations business units if chargebacks increased beyond management’s tolerance for financial losses. However, this era of minimum investment in controls is rapidly ending with the advent of PSD2, the European mandate to increase consumer choice, reduce costs through competition, and bring innovation, integration, and harmonization to the space. PSD2 would inevitably be the standard for ecommerce fraud management in the future.

Fraud has continued to flourish in the card-not-present (CNP) format, with many merchants subsequently realizing that the ever-growing fraud rates need to be mitigated by stronger detection and prevention controls. By instilling a universally accepted minimum level of controls that all businesses in Fintech must adhere to, PSD2 would bring structure and planning to investments.

This would inevitably help the Fintech industry scale new heights, where merchants would need to include mandatory strong authentication, real-time (automated) transaction decisions, malware detection, fraud scenario detection logic, behavioral profiling, device-level analysis that may include IP and geo-location, response automation and monitoring, and reporting. This is by far a more comprehensive structure than what is generally associated with merchant fraud prevention.

As customers continue their shift towards ecommerce, more technology should be enabled to support a future that enhances customer experience as well as security, and PSD2 is the appropriate model for doing this. Global merchants need to recognize that the security mechanisms employed in the Eurozone are best practices not just for one market but globally; when consumers recognize this, their expectations would align with these merchants’ authentication and fraud controls.
