5 Things a PSD2-Compliant Fraud Prevention Software Must Be Able to Do
Banks and payment service providers have had two major challenges thrust their way because of the COVID-19 pandemic. Firstly, there is a boom in online commerce which is leading to a flood of payment transactions and their accompanying fraud attempts. At the same time, the mandatory implementation of the EU payment directive PSD2 is now in full swing. The Directive is intended to curb fraudulent transactions but can add friction to the payment process when consumers on e-commerce platforms look to finalize their purchases.
PSD2, which has now been binding for all banks and payment service providers since January 1, 2021, aims to increase the security of financial transactions in e-commerce. To this end, it prescribes Strong Customer Authentication (SCA) which includes two-factor authentication. This requires shoppers to authenticate themselves with at least two of three possible elements: Knowledge (PIN or password), Possession (smartphone or token), or Inherence (biometric features such as fingerprints). However, this procedure necessitates an additional authentication step that can disrupt the buying process. Experience has shown that such disruptions lead to increased shopping cart abandonment, declining conversion rates and noticeable missed revenue opportunities. To prevent this, PSD2 provides for certain exemptions, one of those being the use of real-time transaction risk analysis.
Good fraud detection software can thus provide the right balance between risk protection and customer convenience. Here are 5 key qualities of fraud detection software that can help create both secure and convenient e-commerce transactions:
1. Risk-based Authentication
If the risk of a transaction can be determined in real time, exemptions can be applied. To do this, the software must be able to balance many parameters during the risk assessment. For low-risk transactions, two-factor authentication, which is cumbersome for customers, can be omitted. For higher-risk transactions, appropriate authentication steps can be triggered automatically.
There are no limits to the creativity of fraudsters. Payment service providers are therefore confronted with constantly changing fraud patterns. Fraud detection software must be able to respond quickly to these changes and still be easily adapted manually by compliance professionals.
As data volumes grow, so does the number of fraud attempts. The software must be able to scale up easily both in the short term for peak loads and in the medium and long term for steadily increasing transaction numbers.
4. Real-time analysis
The 3-D Secure protocol commonly used in payment transactions provides a wealth of historical and situational data, for example contextual information, which must be analyzed for payment processing. The ability to analyze this data in real time is a prerequisite for eliminating the need for additional authentication steps.
5. Hybrid AI approach
Pure machine learning approaches are overburdened with such complex real-time analyses. Instead, hybrid AI approaches are needed that leverage both data-driven and knowledge-driven techniques, such as fuzzy logic, to produce risk assessments within fractions of a second.
Risk and fraud prevention in e-commerce must combine comprehensive security for the customer with a convenient user experience. Technologies such as risk-based authentication resolve this contradiction by leveraging hybrid AI, improving the user experience, and thus optimizing conversion rates and online sales, all while preventing fraudulent transactions.