Stricter payment requirements in Europe could drive fraud elsewhere
From September this year the second Payment Services Directive (PSD2) comes into force across the EU. This will require payment service providers to offer strong customer authentication (SCA) and third-party access to bank accounts or risk losing their their payment provider license.
But a new report today from fraud prevention company iovation suggests that stricter requirements for fraud prevention in Europe will drive fraud to other regions such as the US.
The study, carried out with research firm Aite Group, also shows that with just six months to go most companies are still unprepared for PSD2. In fact, a recent study by Mastercard found that only 25 percent of European online merchants are aware of SCA requirements under PSD2, 14 percent already support SCA, 28 percent say they will be SCA ready by September 2019 and 24 percent have no plans to support SCA. Since companies providing payment services in the European Economic Area are subject to the regulation, even businesses with headquarters outside Europe might need to comply.
"The zeitgeist of regulations with extra territorial effect like GDPR continues with PSD2. This will have long-standing operational implications to companies wherever they are based," says iovation's compliance manager, Mark Weston. "The merchants that succeed post PSD2 will be those that make consumer authentication as effortless as possible through methods like 'invisible' device-based authentication and biometrics. And with the likes of Facebook and Google becoming payment processors, merchants are going to have to compete with an ever widening marketplace."