How PSD3 Can Turn Security Into Frictionless Experience for eCommerce Customers


Back in June, the European Banking Authority (EBA) published its response to the European Commission’s call for advice on its review of the revised Payment Services Directive (PSD2). That review is set to lead to a re-revised payments services directive in the coming years that the industry is referring to as PSD3.

As the official mouthpiece of the European banking sector, the EBA’s report raised concerns that will most affect banks and included close to 500 recommendations for the European Commission to consider. The document also articulated some perceived shortcomings of the current directive with which the industry is grappling.

Specifically, many of the suggestions address ambiguity in the existing legislation and the need for some degree of standardization for open banking APIs for financial institutions (FIs).

Read more: PSD3 Set to Mandate API Standardization

But PSD2 has had far-reaching implications outside of the limited sphere of banking, not least in the realm of financial technology.

Non-bank entities have integrated open banking APIs into their systems and PSD2’s requirements for strong customer authentication (SCA) affect pretty much every eCommerce merchant, FinTech and payment processor that does business in Europe.

One of the concerns industry players have pointed out is how mandatory SCA as defined by the regulatory technical standards of PSD2, leads to friction in the customer journey.

“Open banking in the U.K. has been disappointing. If you look at Holland, for example, the permission customers have to give to access their data is way easier, whereas the early implementations of open banking in the U.K. have felt like a phishing attack,” Andy Mielczarek, co-founder and CEO of U.K.-based digital bank Chetwood, told PYMNTS in an interview.

Watch the interview: Chetwood CEO Calls Open Banking ‘Disappointing,’ Regulation Key to Neobank Success

And while the customer proposition to offer personalized and relevant product and service as well as a much simpler and faster experience for customers is “brilliant,” Mielczarek said the setup felt intrusive.

“It feels like I’m giving you access to my bank account, rather than giving you access to my data,” he said of the customer feedback the bank has obtained.

Tackling Fraud, Enhancing Security

Yet despite these hurdles, SCA is generally welcomed by consumers. For example, in the U.K., a recent report by Nationwide Building Society found that 42% of people surveyed said that SCA made them feel safer while 27% said it made them more likely to shop online.

The challenge now for retailers and the FinTechs that process their payments is capitalizing on the 27% of people who are driven to shop online by SCA, without losing the 21% of customers the survey found to have had trouble making payments as a result of SCA.

In the end, retailers want to increase conversion while minimizing the risk of fraud. This is why payment gateways like are increasingly building more customization options into their authentication tools in order to give merchants greater control over the SCA process.

Read on: Enhances Authentication Tool to Reduce Abandoned Carts

Niel Smith, head of strategic partnerships at Forter, a payment solution provider for the eCommerce sector, shared some thoughts on this: “PSD3 must simultaneously raise fraud prevention capability to a level commensurate to the escalating threat, but crucially without compromising the buying experience for genuine customers,” he said in an Electronic Payments International report.

Smith’s suggestions for reducing friction while enhancing security revolve around emerging authentication technologies and the need for any new legislation to include these in their scope. He also argued that PSD3 must remain flexible enough to cover any new SCA solutions that may emerge.

But which kind of technologies should PSD3 contain within its remit if it is to support more frictionless SCA? Smith suggests that the most elegant solution is to remove customers “as far as possible” from the authentication process.

On this, he pointed to advancements in biometrics and behavioral science that can identify people on their devices, arguing that such identifiers should form part of PSD3’s permitted customer authentication procedures.

More on this: PYMNTS Intelligence: How Behavioral Analytics Can Ensure a Smoother and More Transparent Authentication Experience

Already, this seems to be the direction that the industry is heading in. As well as introducing more customization options for merchants, has indicated an interest in biometric authentication by purchasing the French startup ubble, which uses artificial intelligence (AI) to power its facial recognition engine for identity verification.

Related: AI Turns SCA Into Opportunity for eCommerce Checkout Improvement

Also related: to Acquire French IDV Firm ubble

But ultimately, regulation brings confidence, and it will take the EU addressing novel authentication technologies for the industry to fully realize their potential.

For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.