Galit Michel, VP of Payments at Forter provides Payment Expert with an in-depth look at the real impact of PSD2 regulations and their enforcement on the payment sector.
For months, the payment ecosystem speculated what impact PSD2 will have on conversions. Many merchants feared that PSD2 would harm their conversion rates and customer checkout experience, leading to a decline in revenue generation and profitability.
Now that the regulation rollout has begun, there is finally data to analyse.
While PSD2 is not yet fully enforced throughout much of Europe, most countries already require compliance over certain transaction values. Additional PSD2 enforcement rollout dates are coming within the next several weeks, and by the end of the year, all European countries will fully enforce the regulation. However, the impact of PSD2 is already seen and felt on the bottom line of merchants.
At Forter, we wanted to see if the fears merchants and payments professionals had regarding PSD2 were justified, or if the European consumer was, as some hoped, willing to adapt their online payment habits to suit the demands of the new regulation.
Spoiler alert: merchants’ fears were justified, and consumers are not reacting well to the added friction required by the regulation.
Conversion declines every step of the way
One of the most significant concerns merchants had regarding PSD2 was the increased reliance they would have on 3DS. Since PSD2 requires Strong Customer Authentication (SCA) as part of the verification process, most merchants were planning on using 3DS to comply with the directive. However, doing so may be detrimental to their operations.
The 3DS authentication process has multiple steps, and PSD2 impacts all of them. As a result, there are more opportunities for merchants to lose out on transactions and reduce their revenue generation. If merchants only examine authentication failures, they will not be able to truly assess the impact of PSD2 on their operations, or the true rate of declines it causes.
The first thing that can reduce conversions is the higher rate of 3DS triggered user abandonment. Since many consumers are not familiar with the 3DS process, there is a higher chance of abandonment during the authentication process. Users may also choose to abandon a transaction simply because there are additional steps to complete, giving them more time to contemplate their purchase.
During the 3DS authentication stage, transactions may fail authentication due to customer triggered issues such as inputting a wrong 3DS verification code or not completing the 3DS challenge on time. When this happens, it is difficult for merchants to recapture the transactions leading to revenue loss.
If a consumer successfully completes 3DS, the transaction will continue to authorisation, however, even here there are multiple opportunities for the transaction to be lost. A legitimate transaction may be declined if an issuer perceives the transaction as high risk. The issuer may then choose to decline the transaction to avoid chargeback liability. This is because when 3DS is completed successfully, the chargeback liability shifts to the issuing bank.
To avoid increasing their risk ratio, issuing banks will then decline transactions, preserving their business but harming merchants’ profitability. This is evident by the lower authorisation rate recorded from issuing banks post 3DS authentication compared with authorisation rate of non-3DS transactions. When this happens, the consumers experience is negatively impacted, causing long term reputational damage
Merchants that only examine authorisation ratio without taking into consideration the 3DS triggered user abandonments and failed 3DS authentication will not be able to see what the rest of Europe is already experiencing: a significant overall decline resulting from PSD2.
What PSD2 compliance means for conversion rates
Analysing data from Forter’s global eCommerce merchant and acquirer network provides a clear view of the negative impact PSD2 has on conversion rates.
Conversion rates of 3DS transactions compared with non-3DS transactions reveal the negative impact of 3DS on overall conversions throughout Europe.
|Decrease in conversions per country:|
The same impact is seen in data points reported by top card brands such as MasterCard.
Looking further into the negative impact of 3DS on conversions reveals how unprepared the payment ecosystem and the consumers are for the regulation.
PSD2 Trends and Insights
In Germany for example, 17-20% of transactions are lost due to customer abandonment during the 3DS process, and another 20-22% of transactions fail 3DS authentication. The high customer abandonment rates and 3DS failure rates show that consumers are not prepared for the new regulation and are not handling the increased friction well. High 3DS authentication declines are the result of technical failure or issuer decline. This indicates that the payment ecosystem is not fully prepared to handle the new regulation.
In other countries, such as France and the UK, 3DS has a higher success rate (80% and 85% respectively), however, even there, merchants are still losing out on transactions and their revenue generation is impacted.
3DS impact on complete rate
The complete rate is one of the most critical KPIs for merchants looking to analyse the impact of PSD2 on their operations. Analysing the complete rate provides merchants with the true number of transactions authorised out of all transaction attempts.
The roll out of PSD2 and the rise of 3DS transactions forces merchants to separate absolute complete rate calculations based on whether or not 3DS was used. This is the only way to truly understand from a bird’s eye view how PSD2 impacts operations.
How to calculate the complete rate: divide the number of total authorised transactions by all purchasing attempts (including 3DS fails, fraud, abandonment etc.).
Analysing absolute complete rates with and without 3DS throughout Europe reveals a clear decrease in complete rate when 3DS is used. This indicates that consumers are not reacting well to the increased friction and that issuers are taking a more cautious approach.
For example, in Germany, the absolute complete rate without 3DS is 78-94%, while the complete rate on transactions for which 3DS was applied drops to 45-55%. This means that for every transaction 3DS is applied to, there is on average a 50% chance it will not be completed.
Who must comply, and with what?
While December 31 2020 was the formal extended deadline for all companies and organisations who operate within the European Union or European Economic Area (EEA) to be fully compliant with PSD2, some countries have extended enforcement and implemented staggered enforcement dates.
Great Britain: Regulation is not fully enforced yet. Merchants must complete SCA for:
- Transactions over 1,000 GBP by 1 June, 2021
- Transactions over 500 GBP by 1 July, 2021
- Transactions over 250 GBP by 1 September, 2021
Full enforcement by September 14th, 2021
Germany: Regulation is now fully enforced. Merchants must complete SCA for:
- Transactions over 250 EUR since January 15th, 2021
- Transactions over 150 EUR since February 1st, 2021
Full enforcement since March 15th, 2021
France: Regulation is not fully enforced yet. Merchants must complete SCA for:
- Transactions over 1000 EUR since January 1st, 2021
- Transactions over 500 EUR since February 15th, 2021
Full enforcement by April 1st, 2021
Italy: Regulation is not fully enforced yet. Merchants must complete SCA for:
- Transactions over 1000 EUR since January 1st, 2021
- Transactions over 500 EUR since February 1st, 2021
- Transactions over 100 EUR since February 1st, 2021
Full enforcement by 1 April, 2021
In other countries, issuers have begun issuing soft declines on transactions that have not been authenticated using 3DS.
For example, in Finland, one issuing bank has already begun issuing declines for non 3DS transactions since 12 January; in the Netherlands, issuers started issuing soft declines on transactions over 250 EUR during the first week of January, and by the second week of February, soft declines were issued for transactions over 75 EUR.
Counteracting abandonment, authorisation fails and declines
More and more countries will fully enforce PSD2 in the coming weeks and months, and as a result, more merchants will be forced to process transactions using 3DS. Those that do will inevitably see a decline in their complete rate, directly impacting their profitability. To avoid the impact of 3DS, merchants need to avoid using 3DS.
A strong fraud prevention solution will help merchants reduce their fraud rate, improving their merchant standing and reducing their risk liability. A fraud prevention solution is also a critical tool for merchants who want to reduce 3DS usage and take advantage of the exemptions enabled under PSD2. This is because the most common exemption, Transaction Risk Analysis (TRA), is based on the risk of a transaction. If a merchant has a fraud prevention solution that can assess in real-time the risk of each transaction, only those that are deemed low risk and meet the criteria will be sent through the exemption engine. Issuers are more likely to accept an exemption if the merchant has a fraud prevention solution in place since it will reduce their liability.
Finally, for transactions that are not exemption eligible, having a dynamic 3DS solution in place will help maximise conversions for transactions that do require 3DS. This includes high volume transactions, high-risk industries, transactions where the processing parties are not able to accept exemptions and so on. Dynamic 3DS is able to route consumers through the path of least friction by considering their unique behavioural patterns. This improves the customer experience as well as their chances of completing the transaction, creating a win-win for all.