The second version of the European Payment Services Directive (PSD2) is expected to be introduced into law by the end of this year. It will have a significant impact on payments. By November 2017, financial organisations must also be able to support real-time transfers of up to €15,000 as part of the Single Euro Payments Area (SEPA) Instant Credit Transfer arrangements. It is a challenging time for these organisations.
The focus of these two payment mechanisms is different, but they have one thing in common: both increase the level of fraud risk.
The new services covered by PSD2
Regulation is generally designed to increase competition in the marketplace, and PSD2 will introduce new intermediaries for payments. Banks will be required to provide information to these new organisations, even though that will increase their competition.
PSD2 aims to control services provided by firms using new financial technologies (fintechs). These have previously been unsupervised by regulators. PSD2 divides service providers into two categories:
- Payment Initiation Service Providers (PISP): these initiate payment orders at the request of a customer from a payment account held with another provider’s payment service. Examples of these services include Sofort in Germany and iDeal in the Netherlands; and
- Account Information Service Providers (AISP): these allow users to have a consolidated view of all their banking information through a single interface. The best known are Bankin or Linxo, and some institutions use Boursorama, which has acquired a fintech, Fiduceo.
As payment services are added, transaction volumes would be expected to increase, and with higher volumes an increase in fraud could be expected too. Using advanced analytics to derive customer insights is a great method of analysing and identifying transactional patterns which could indicate fraud.
New security issues
New payment mechanisms offer considerable convenience and benefits to customers, but they also generate security concerns. Providing access to data and payment information for third-party providers significantly increases the risks of fraud. At its simplest, this may arise from the additional access to personal and sensitive data. New data protection obligations, particularly as a result of the General Data Protection Regulation (GDPR), will only add to these concerns, and where responsibility lies may not be entirely clear.
The added challenge is that new types of fraud may appear. The addition of new intermediaries is likely to expose any existing gaps in payment processes, and perhaps create new ones in unforeseen places. Fraudsters tend to target the easiest areas, and as one gap is sealed up, they will move on to other areas.
PSD2 requires providers to authenticate consumers when validating online payments, as a way to reduce some of these risks. Options for validation include SMS, fingerprints on certain telephones and even video selfies. The norm is likely to be to provide strong, probably double, authentication, but firms will be left to decide which identification methods they use. Of course, they then also have to consider how that would integrate with existing platforms, including fraud prevention platforms.
All of this means that organisations are being forced to make decisions about their fraud prevention systems. There are a number of questions to answer, particularly whether existing fraud solutions should be extended to support PSD2 requirements and protect against new types of fraud. An alternative would be to deploy a new fraud detection system. Both options have risks and benefits.
The clock is ticking
It is expected that PSD2 will be incorporated into law by member countries by November 2017. The clock is ticking, and decisions must be made quickly if financial organisations and their customers are not to be exposed to considerable risk.