By Jason Lane, Executive Vice President, Market Development Europe, MasterCard
So much of the discussion about the impact on the industry of the European Union’s revised Payment Services Directive (PSD2) has focused on the account to account (A2A) provisions and what they mean for PSPs, banks and acquirers that it is easy to overlook the regulation’s other implications for customers.
It is very important not to do this. As well as encouraging competition in the European payments landscape, PSD2 is aiming to improve consumer protection, and in this regard its provisions in the area of strong customer authentication (SCA) are every bit as critical as those around A2A.
Where PSD2 focuses on measures to drive down fraud and better protect the users of payment services, it has the potential to fundamentally change the customer experience – and this must be done in the right way if the customer experience is to improve and not diminish.
The first point to make is that two-factor authentication, where users must prove their identity in two out of three ways (something they are, something they have and something they know), is a highly effective way of driving down fraud and benefits consumers, merchants and banks.
The challenge lies in how two-factor authentication is implemented, in order to ensure strong consumer acceptance and adoption. Today’s customers are used to seamless engagement and frictionless transactions. Think about Amazon one-click.
If SCA as implemented under PSD2 adds more friction and puts impediments in the way of seamless engagement for customers, then consumer acceptance and adoption will suffer. In other words, an intended fraud prevention technique, if not implemented correctly, could rapidly become a business prevention technique.
The solution is to ensure an approach that allows enough freedom to create implementations that will appeal to consumers, increasing their safety and security, while allowing them to transact in ways they appreciate today.
The approach should also ensure consistency of application in different countries, for different players and around different payment mechanisms. Consumers should not have to go through a more complex authentication process for a card payment than for an account-to-account instant payment – especially given the fact that far more customer protections are already in place around card payments than they are around irrevocable payments directly from bank accounts.
It is therefore essential to keep in mind what consumers want – a simple, smooth, protected payment experience. If consumers are exposed to payments experiences that fall short of this requirement, then we will see a rise in abandonment of sales, as what started as really good thinking about how to improve consumer protection turns out to have really bad consequences as a result of poor implementation.
The good news is that the fraud prevention mechanisms we have today around biometrics for example are both safe and convenient, and have great potential in the fight against fraud as standards for their roll-out across the entire industry go from strength to strength. An authentication roadmap, designed to preserve the good balance between security and user experience, will also drive positive benefits for consumers and the industry as a whole – and when this balance is right, then the effectiveness of anti-fraud measures is optimal.
If you’re looking into scaling biometrics, have a look at the latest study that we conducted with the University of Oxford on “Mobile biometrics” and let’s meet up at Money 20/20 Europe to discuss #WhatsNext.