By Lucy Anderson and Mel Gauci, AusPayNet - 20 June 2019
When commenting on upcoming EU-wide security regulations, Patrick Collison, Chief Executive of Stripe, said that, for those who aren't prepared, Europe’s Second Payment Services Directive (PSD2) is "going to have a huge negative effect on [online payment] conversion rates"[1].
While Europe has been implementing PSD2, AusPayNet has been working with the Australian e-commerce industry over the last 18 months to design a framework to reduce card-not-present (CNP) fraud. The consultation process has involved the entire payments ecosystem, including merchants and merchant advocacy groups, payment gateways, acquirers, card schemes, issuers, payment service providers, consumer advocacy groups and regulators.
So, what is PSD2 and how does it compare to the work we have been doing as an industry in Australia?
PSD applies to all remote payments and was passed by the EU in 2007, with the European Parliament passing the revised directive (PSD2) in October 2015. The scope of PSD is broader than payment fraud and strong customer authentication (SCA) and was neatly summarised by the UK’s Starling Bank as "the harmonisation of the payments landscape to level the playing field between countries and between payments providers, with the end goal of increasing competitiveness and thereby giving the consumer better value."[2]
Barclays describes PSD2 as building on the previous legislation in three key areas:[3]
The SCA mandate under PSD2 comes into effect in September 2019 and is, therefore, a particularly topical issue for EU payments participants. In May 2019, the European Payment Institutions Federation (EPIF) held a workshop in Brussels to discuss PSD2’s SCA requirements. Six key recommendations were agreed at this workshop and jointly supported by Ecommerce Europe, EuroCommerce, Visa and EPIF:[4]
Most of these recommendations have been incorporated into AusPayNet’s CNP Fraud Mitigation Framework as a result of consultation and collaboration with the e-commerce industry. The Framework parallels PSD2 in that both endorse SCA as best practice to authenticate transactions; however, there are key differences:
Combining this approach with a comprehensive communications strategy and phased lead times for implementation, the Framework provides a clear runway to readiness for the wider payments community for reducing fraud.
In discussing the Framework last week, Matt Neale, Chief Technology Officer at eStar, concluded: "The Framework is genuinely very good. It’s a pragmatic step, allowing the use of existing technologies and techniques in a completely vendor-agnostic manner, whilst leaving plenty of room for innovation and new technologies to emerge and fit within it."
AusPayNet is continuing to work with the e-commerce industry for implementation on 1 July 2019. For more information on our Framework, please see the summary or contact us.
[1] Tim Bradshaw, "Ecommerce group sounds alarm over EU security rules", Financial Times, June 4 2019
[2] https://www.starlingbank.com/blog/explaining-psd2-without-tlas-tough/
[3] https://www.barclaycard.co.uk/business/news-and-insights/what-is-psd2
[4] https://paymentinstitutions.eu/pressroom/epif-workshop-on-sca-implementation/