noun_Email_707352 noun_917542_cc noun_Globe_1168332 Map point Play Untitled Retweet

Is strong customer authentication and frictionless card payments a contradiction?

In this blog post, Line S. Borgsø explains how you can reduce friction for cardholders, optimize conversion rates and reduce fraud losses with TietoEVRY's new RBA Risk Engine.

Line Snefrid Borgsø / February 25, 2021

Following the European Banking Authority’s mandate that the requirements for strong customer authentication (SCA) be fully enforced by 1 January 2021, SCA is now required for online card payments in most countries. The question now is how to deal with the increased friction that comes with SCA while still remaining SCA-compliant. TietoEVRY’s Risk-based Authentication Engine provides the answer.

TietoEVRY’s Risk-based Authentication Engine will identify low-risk payments and allow them to be processed without SCA in order to reduce friction in online card payments. At the same time, high-risk transactions will be declined on the grounds of potential fraud. Transactions in the gray zone (i.e., that fall somewhere between low risk and high risk) will be secured by SCA two-factor authentication. The built-in fraud rate calculations will ensure that exemption amounts are correctly set. This will increase customer satisfaction and deliver a real-time frictionless customer experience.

So far, the payment card industry has focused on implementing the SCA requirements, but now it is time to consider how to safely reduce the use of SCA. Since most online card payments are genuine transactions, how can these payments be safely exempted from the SCA rules?

Why is a frictionless experience so important?

According to Statistics Norway, e-commerce shopping in Norway increased by 9.2 percent between 2018 and 2019 and by 36 percent between Q4 2019 and Q4 2020. At same time, customers expect their online shopping experience to be easy and frictionless. In Norway we use BankID for SCA, and many European countries have adopted similar solutions. The question is what happens if BankID is unavailable at the time of payment? There is a huge risk that the customer will then choose to use a card from a different issuer, one that creates less friction at checkout. So, ensuring a frictionless experience is important for both the cardholder and the card issuer.

Finanstilsynet, Norway’s financial supervisory authority, published a news article on 2 February 2021 encouraging the payment industry to utilize the exemptions to SCA provided in the Revised Payment Services Directive (PSD2):

  • Contactless payments
  • Unattended terminals for transit and parking
  • Recurring payments
  • Trusted merchants
  • Low-value remote transactions
  • Transaction risk analysis

Under the transaction risk analysis (TRA) exemptions, electronic payment transactions may be considered as low fraud risk and be exempted from SCA when specific conditions are met. For example, fraud rates calculated by the payment service provider must be equivalent to, or lower than, the reference fraud rates specified in PSD2. It also requires a real-time analysis to identify any abnormal spending behavior and take into account information about payment device, software and malware, known fraud scenarios, and information on the location of the payer and the payee. The analysis should be performed in real time, based on current and historical transaction data.

In sum, TRA exemptions require a new way of thinking and some complex analyses based on both 3D-secure authentication and payment authorization.

TietoEVRY’s Risk-based Authentication Engine

TietoEVRY now delivers a new solution called the Risk-based Authentication Engine (RBA Risk Engine). This solution will combine data from the different processes so that TRA can be performed according to the requirements. This solution will provide TRA for card issuers to ensure that all online card payments are analyzed in compliance with TRA requirements. The RBA Risk Engine solution benefits from TietoEVRY’s long experience in card security and fraud monitoring solutions. The strength of our existing solutions enables us to build a risk-based authentication engine that utilizes the TRA exemptions while enhancing the quality of existing card monitoring systems.

TietoEVRY strongly believes that utilizing the TRA exemptions and declining highly suspicious 3D-secure authentications will reduce friction for cardholders, optimize conversion rates and reduce fraud losses for the issuing banks. Let’s not forget that a happy cardholder is a loyal cardholder!

Read more about TietoEVRY's Financial Crime Prevention services here.

Line Snefrid Borgsø
Product Manager, Financial Crime Prevention

Author

Line Snefrid Borgsø

Product Manager, Financial Crime Prevention

Share on Facebook Tweet Share on LinkedIn