Ai Video: How can airlines count on fintech for payment optimization?

24th June, 2019

Regulations like PSD2 are paving the way for new services and faster payments. PSD2, the payment services directive in Europe, is being associated with a major change in payments and data protection, and it is expected to fundamentally change the value chain.

"PSD2 is opening up the (payment) industry, and breaking the monopoly of certain players on accepting payments," said Simon Eve, Head of Travel, Trustly.

Banks are beginning to expose their data for use by third parties, in particular fintech companies, through open APIs. The use of open APIs to simplify back-and-forth messaging that takes place during the course of a transaction is coming to the fore. Other than authentication, another area to watch out for is improved security. It has to be guaranteed that data is secure, and external services have access only to the controlled data that the consumer has permitted and that the bank has assigned.  

Simon, who was in Brighton, UK, for Ai’s ATPS (13th ATPS Worldwide Event), added that the fintech sector is looking at offering instant, real-time bank transfer to airlines.

Simon spoke in detail about payment-related complexity and how it is being handled when dealing with multiple players, how airlines today are in a position to localize their payment options in a region like Europe, fraud prevention etc.

By Ritesh Gupta

Follow Ai on Twitter: @Ai_Connects_Us

Ai Editorial: Managing legitimate transactions, curbing fraud – a balancing act

7th June, 2019

Ai Editorial: CyberSource has highlighted that effective fraud management requires the careful balance of three interdependent dimensions, reports Ai’s Ritesh Gupta


Payment and fraud executives have to be crafty enough to ensure that genuine customers aren’t denied an opportunity to complete a transaction, or even face hiccups from added friction. At the same time, merchants can’t afford to be victims of fraud owing to weak authentication or fraud prevention mechanisms.

CyberSource, in its latest report – the 2019 Global eCommerce Fraud Management Report Asia Pacific Edition, has highlighted that effective fraud management requires the careful balance of three interdependent dimensions –

  • Delivering a positive experience for genuine customers and maximising the acceptance of genuine orders - The balancing act, as highlighted by Ai previously, is about being proficient in validating a buyer, and such verification shouldn’t interrupt the manner in which they interact and transact with a business. Merchants need to look at new regulations, what sort of action is required and its impact on the user experience, and also the flexibility of consumers when it comes to additional measures that are being taken for authentication. One way to differentiate between transactions is the risk associated with them.

  • Accurately detecting and rejecting fraudulent orders to minimise fraud losses - Merchants need to leverage the prowess of data-driven, artificial-intelligence powered offerings for combatting fraud. Rules-based systems are in general reactive and probabilistic solutions, which is why they are unable to prevent fraud before it happens. Rather than using a blanket rule that forces every user to log in with 2FA, real-time surveillance can be used to assess logins in the background, with only logins of borderline risk expected to go through 2FA. Merchants should still develop their own fraud tools that are able to tap into their own sources of data for greater efficiency and more accurate detection of fraud.

Real-time machine learning can help against blanket blacklists and whitelists by focusing on the customer’s behaviour instead. It works with real-time live data collected on the merchant’s website, where the system trains itself with each incoming transaction to identify fraud patterns. Deploying a multidisciplinary approach combining different technologies - both supervised and unsupervised machine learning - would better equip merchants for fraud management. Unsupervised machine learning can be used to learn on the fly and identify fraudulent patterns even without having been trained with historical data, i.e. it is able to identify unknown fraud attacks. Thereafter, predictive analytics may still be used to run the probabilities of fraud, giving a risk score.

CyberSource indicated that in particular, enterprise organisations tend to be more proactive with their fraud strategies because the financial and reputational ramifications of fraud can be far reaching.

  • Efficiently managing the operational costs of fraud management activities – The report also shared that as in other regions, minimising operational costs is generally a lower priority for businesses in Asia Pacific.

The report also highlights that it takes “constant recalibration and fine-tuning of fraud management controls and processes to keep achieving the best balance”.
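The routing described above (score every login in the background and send only the borderline ones through 2FA) can be sketched as follows. This is an added example, not code from CyberSource's report or from the article; the signal names, point values and thresholds are assumptions chosen for illustration, and the sample logins are constructed.

```python
"""Risk-banded login routing: allow, step up to 2FA, or reject (illustrative)."""
from dataclasses import dataclass

# Assumed integer risk points per signal on a 0-100 scale; not from the report.
SIGNAL_POINTS = {"new_device": 30, "geo_mismatch": 25, "impossible_travel": 35}
POINTS_PER_FAILED_ATTEMPT = 5
FAILED_ATTEMPT_CAP = 4  # a burst of typos must not dominate the score


@dataclass(frozen=True)
class Policy:
    """Two thresholds split the score range into three bands."""
    step_up_at: int = 35  # scores below this pass with no added friction
    reject_at: int = 80   # scores at or above this are refused outright

    def __post_init__(self):
        if not 0 <= self.step_up_at < self.reject_at <= 100:
            raise ValueError("need 0 <= step_up_at < reject_at <= 100")


def risk_score(event: dict) -> int:
    """Sum the points of every signal present on the login event, capped at 100."""
    score = sum(pts for name, pts in SIGNAL_POINTS.items() if event.get(name))
    attempts = int(event.get("failed_attempts", 0))
    attempts = max(0, min(attempts, FAILED_ATTEMPT_CAP))
    return min(score + attempts * POINTS_PER_FAILED_ATTEMPT, 100)


def decide(event: dict, policy: Policy = Policy()) -> str:
    """Route one login: only the middle band is asked for a second factor."""
    score = risk_score(event)
    if score >= policy.reject_at:
        return "reject"
    if score >= policy.step_up_at:
        return "step_up_2fa"
    return "allow"


def summarize(events, policy: Policy = Policy()) -> dict:
    """Count decisions per band, the figure to watch when recalibrating."""
    counts = {"allow": 0, "step_up_2fa": 0, "reject": 0}
    for event in events:
        counts[decide(event, policy)] += 1
    return counts


# Constructed sample logins (not real data).
SAMPLE_LOGINS = [
    {"user": "a", "failed_attempts": 0},                          # score 0
    {"user": "b", "new_device": True},                            # score 30
    {"user": "c", "new_device": True, "failed_attempts": 2},      # score 40
    {"user": "d", "new_device": True, "geo_mismatch": True},      # score 55
    {"user": "e", "new_device": True, "geo_mismatch": True,
     "impossible_travel": True},                                  # score 90
    {"user": "f", "failed_attempts": 10},                         # capped: 20
]

if __name__ == "__main__":
    print("default policy :", summarize(SAMPLE_LOGINS))
    # Recalibration: lowering the step-up threshold adds friction for user "b".
    print("stricter policy:", summarize(SAMPLE_LOGINS, Policy(step_up_at=25)))
```

Comparing the two summaries shows the trade-off the report describes: each threshold change moves logins between the frictionless band and the 2FA band.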

6 characteristics of the masters of balance, according to CyberSource:

1. Have a lower chargeback rate
2. Are more likely to rate ecommerce fraud management as extremely important to their business strategy
3. Find it less challenging to respond to emerging fraud attacks
4. Have a greater range of capabilities that give them agility to respond to the dynamic landscape they operate in
5. Have a greater capability to use data effectively for fraud management
6. Are less likely to conduct manual review, and spend less in this area


Hear from senior executives about the balancing act at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).



Ai Editorial: Optimizing UX for transactions being “challenged” under 3DS 2.0

4th June, 2019

Ai Editorial: 3DS 2.0 promises to combat fraudulent online transactions, but merchants need to cut down the possibility of losing payments when transactions are authenticated using the new version of 3DS, writes Ai’s Ritesh Gupta


Transition to the new version of 3D Secure is being followed closely, owing to its impact on the shopping experience and in improving security of a transaction.

This matters even more for high-risk transactions, or in a market like Europe, as PSD2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment service providers. In Europe, organizations are expected to upgrade to the new version by September 2019, to be ready for the enforcement of Strong Customer Authentication (SCA). Since this directive mandates changes in how fraud review must be conducted on intra-EU transactions, critical issues such as cart abandonment need to be evaluated in detail. The SCA aspect of the PSD2 directive can have a negative impact on revenue generation, and this is what the stakeholders are concerned about.

It is being highlighted that 3-D Secure 2.0 will pave the way for a real-time, protected, data-sharing channel that merchants can use to send an unmatched number of transaction attributes, which the issuer can use without requiring a static password. One of the highlights of 3DS 2.0 is data sharing. This data exchange is relatively richer owing to the combination of certified SDKs in the checkout flow, paired with data sharing APIs. Authorization rates can be stepped up with no perceivable alteration to the checkout flow.

Depending on the data provided by merchants and their respective payment service providers, the issuer is expected to decide on the course of action for the payment in one of two ways. If the information provided is considered sufficient to assess the authenticity of the buyer, the transaction is eligible for a frictionless flow, and authentication isn’t interrupted from a shopper’s perspective. If the transaction isn’t in line with the normal purchasing pattern, it ends in what is being called a challenge flow. Accordingly, a requirement crops up where a one-time password from the buyer is needed to authenticate the payment. This is where the efficacy of the new version comes in, as the challenge flow is blended into the mobile checkout experience without redirects. Visa states that merchants can embed 3DS 2.0 into a web page or native application. One can customize the user interface elements (e.g., buttons, fonts, inputs) for all content for any challenge method used. The mobile SDKs will set up flows within apps. This indicates that a shopper won’t be required to finish the payment in a separate browser-based flow.

Assessing the impact

Merchants need to be alert to the fact that a refined 3DS 2 user experience alone won’t pave the way for an optimal acceptance rate. Merchants need to be clear about which transactions require authentication and which don’t.

Rodrigo Camacho, Chief Commercial Officer, Nethone, says merchants shouldn’t push 3DS for all transactions.

“At Nethone we have found that 3DS typically costs merchants anywhere between 2% and 3.5% in conversion rates in Europe and upwards of 15% in the Americas,” mentioned Camacho in a company blog post. “Typically we have seen that it’s only necessary to push 3DS to less than 8% of your traffic which will lower the impact on your conversion rates by more than 90%.”

According to another analysis, Ravelin’s data indicated that 3DS with improved user experience still lost 19% of payments.

Being prepared

When customers are asked to verify transactions, they are presented with a challenge flow. The challenge method that's used is determined by the issuer. 

Visa recommends 3 UX principles:

  • Keep it clear
  • Think human, not robotic
  • Be trustworthy

As explained by Visa, three verification methods are as follows:

  • One-time passcode (OTP) - Customers verify transactions using a secure code sent by text or email. Issuers can choose which delivery channels to make available for the customer. Both are recommended.
  • Knowledge-based authentication (KBA) - Customers verify transactions by answering knowledge-based questions.  
  • Out-of-band (OOB) - Customers verify transactions by entering a passcode or a biometric feature.  

Also, a customer's purchase can be verified on the existing issuer app by entering sign-in credentials. Visa also states that since many iOS and Android users already have the ability to use fingerprint scanning to access their phones, it recommends using the same method to authenticate customers. The team also advises that any biometric authentication be used in addition to a passcode, so that if biometric authentication issues arise, the customer may switch to a passcode. Other methods of authentication are face recognition and voice recognition, which can be done directly via the issuer app or via a connected device linked to an issuer app, such as a digital watch.

Other than UX, there are technical details that also come into play. According to Adyen, these are the front-end libraries (to securely collect and transmit device information, as well as to display authentication flows) and the 3D Secure server. Both work together to exchange information and request authentication.

What to expect

Sasha Pons, Product Director at Ingenico, believes that the deployment of the new version of 3DS is going to be an iterative process, shaping up as version 2.1, version 2.2 and so on.

“Such a huge shift in the way merchants collect and share data will not happen overnight. There will be a period of adjustment, and you can take some comfort in the fact that many merchants like you will be going through the same thing,” Pons mentioned in a recent blog post. “What 3DS v2 asks of merchants will change as the practical realities of the new standard become clearer.”

He expects that the particular rules around the format and quality of data needed will evolve as time progresses.





Ai Editorial: Assessing the impact of open APIs on payments landscape

30th May, 2019

Ai Editorial: As consumers look to control their digital experiences, the ease with which one can complete a transaction in a secure environment is extremely important. Ai’s Ritesh Gupta assesses how open APIs are playing their part in this context.


Real-time payments and open banking, along with the opening up of customer banking data to 3rd parties and streamlining of digital payments via regulatory measures, are the main trends that are shaping the future of digital payments.

Regulations like PSD2 are paving the way for new services and faster payments. A lot of areas are being probed today, and one of them is how open access and application programming interfaces (APIs) are going to impact real-time payments. Are individual banks going to make their data available through different technical standards, or is a regulation going to pave the way for common API standards in a certain market? Importantly, with open APIs and the implementation of payment hubs, there is going to be support for new networks and hence there will be competition for existing rails.

Open APIs

There are multiple ways in which APIs are playing their part:

  • Streamlining payments as per travellers’ comfort: For instance, when a cardholder shares travel plans online or through a mobile banking app, a company like Visa stores the cardholder’s travel details for future matching. A travel tag is then provided in real-time within the authorization message. Issuers act on the same, and eventually the possibility of false declines goes down.
  • Processing of payments: The use of open APIs to simplify back-and-forth messaging that takes place during the course of a transaction is coming to the fore. API calls are coming into play to ascertain the payer details. Be it for domestic transactions or cross-border remittances, APIs are helping in making progress. Another area that is being discussed is cart abandonment. The Payment Request API is about cutting down the number of steps needed to complete a payment online, potentially doing away with checkout forms. This API facilitates the exchange of a user’s stored payment, address and contact details between the browser and a site.
  • New products: Open APIs promise to fundamentally transform the experience of payments for end-users. An open API can be accessed under specified conditions by the 3rd party developers. Recently Visa came up with a new platform with a set of beta APIs, specifications and development tools for issuers and issuer processors. These can help in creation of new digital card accounts on demand; set up rules/ limitations around use of digital cards, such as by merchant type, geography etc. 

“Open APIs are all about consolidation of data and processes that sit in different domains and systems. On one side there is more data than ever that helps to understand the context of the payment and on the other, once decisions on purchase are made – one can execute them easily across multiple platforms since they are connected,” mentioned Vojin Rakonjac, Head of Payment Solutions, Voyego.

“Devices or systems that are connected to these open APIs (no matter if it is chatbot or voice conversational agent/ banking chatbot or Siri) will learn more about our decisions and ultimately “know” what we want at a given time and their job is to understand the intent and automate most of the process in the backend so it looks seamless to the end user. There is a great example from Google’s assistant where haircut appointment is booked by voice. Assistant talks in human voice and negotiates timeslot with the local barber shop while on the other side of the line is real person. We should expect things to move in this direction more as long as device knows what are the boundaries that it can work with (time slot, budget etc.) and as long as payments are always performed with proper authentication,” added Rakonjac.

Going forward one area to watch out for is standards and guidelines for open APIs. This is going to be the deciding factor in the effort required for collaboration or integration.

Open banking

Considering that in a region like Europe it is becoming mandatory for banks to open up access to accounts, payment flows and end-customer data to 3rd parties, it is vital for the industry to dig deeper. All these developments are going to impact banks, as the rising role of APIs in retail banking is considered to be a recent phenomenon. Banks are beginning to expose their data for use by third parties, in particular fintech companies, through open APIs. APIs enable banks to expose their in-house data and application functionality to approved apps and services, while monitoring and controlling the flow of data. And by allowing for new digital experiences on mobile apps, 3rd party services etc., banks are potentially opening up to risks, for instance, fintech firms tapping into a bank’s financial data.

“With PSD2 we have banks aggregating a lot of data and opening their APIs so some of this data is available to 3rd parties (transactional, account data etc.). But banks are not using it to the full potential. Banks worry about loans/ credit cards it could offer – where they are sitting on top of data that would be very valuable for merchants or fintechs and where this context can be fully utilized,” said Rakonjac. He expects innovation/ services around this space where data collected by banks is not used only for risk scoring (3DS 2) but is provided to the other companies where it can provide real benefit to the consumers.

“We already have aggregators that link into European banks and leveraging PSD2 (e.g. Figo). But, as digital identity advances and becomes more mainstream, we might have companies that will aggregate one’s account details for all of the payment methods. This way you will no longer need to have separate credentials or authentication mechanisms but only one. By doing so, customers won’t have to distinguish between payment methods – there would be only one option, Pay. To the customer, we are going towards one payment and one commerce – there will be no difference between physical store and e-commerce and there will be only one pay option.” 

Other than authentication, another area to watch out for is improved security. It has to be guaranteed that data is secure, and external services have access only to the controlled data that the consumer has permitted and that the bank has assigned.  
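One way to enforce that rule at the API layer, shown as an added example that is not from the article or from any bank's actual API: a third party receives only the fields covered by both the consumer's consent and the permissions the bank assigned to it. The scope names, field mapping and account record are assumptions constructed for illustration.

```python
"""Consent-scoped data release: expose only consent AND bank-assigned fields."""

# Assumed mapping from a scope to the account fields it unlocks. A field that
# appears under no scope (such as internal_risk_flag below) is never released.
SCOPE_FIELDS = {
    "accounts:basic": {"account_id", "currency"},
    "accounts:balance": {"balance"},
    "transactions:read": {"transactions"},
    "identity:read": {"holder_name", "address"},
}


def effective_scopes(consented, bank_assigned):
    """Scopes usable by the third party: the intersection, known scopes only."""
    return set(consented) & set(bank_assigned) & set(SCOPE_FIELDS)


def filter_account(record, requested, consented, bank_assigned):
    """Return (view, denied): the released fields and the refused scopes.

    Deny by default: a field is copied into the view only when a granted
    scope names it explicitly. Denied scopes are returned for audit logging.
    """
    granted = effective_scopes(consented, bank_assigned) & set(requested)
    denied = sorted(set(requested) - granted)
    allowed_fields = set()
    for scope in granted:
        allowed_fields |= SCOPE_FIELDS[scope]
    view = {key: value for key, value in record.items() if key in allowed_fields}
    return view, denied


# Constructed sample data (not a real account).
SAMPLE_ACCOUNT = {
    "account_id": "ACC-0001",
    "currency": "EUR",
    "balance": "1520.40",
    "transactions": [{"amount": "-42.00", "merchant": "example-airline"}],
    "holder_name": "Example Holder",
    "address": "1 Example Street",
    "internal_risk_flag": "review",
}
CONSUMER_CONSENT = {"accounts:basic", "accounts:balance", "identity:read"}
BANK_ASSIGNED = {"accounts:basic", "accounts:balance", "transactions:read"}
REQUESTED = set(SCOPE_FIELDS)  # the third party asks for everything


def demo():
    """Run the filter on the constructed sample and return its result."""
    return filter_account(SAMPLE_ACCOUNT, REQUESTED, CONSUMER_CONSENT, BANK_ASSIGNED)


if __name__ == "__main__":
    view, denied = demo()
    print("released fields:", sorted(view))
    print("denied scopes  :", denied)
```

In the sample, identity data is withheld because the bank did not assign that scope, and transactions are withheld because the consumer did not consent, even though each side alone would have allowed one of them.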




Ai Video: Why mobile orders are risky?

28th May, 2019

Merchants, including ones from the travel e-commerce sector, need to diligently assess their respective mobile-order fraud-review systems.

According to Riskified, the behaviour of consumers when they shop via mobile, and what makes such devices risky, has to be ascertained. If not, merchants will continue to grapple with the highest rate of cart abandonment during the checkout process and above-average false-decline rates when compared to other shopping channels.

Sophia Miller, Business Development Manager, Riskified, who was recently in Brighton, UK for Ai’s ATPS (13th ATPS Worldwide Event), underlined that the nature of users, the kind of transactions, unsuited fraud review measures, and the device being ATO or account takeover friendly make mobile risky.

For instance, Sophia highlighted that relatively younger travellers are more likely to order travel products using mobile devices, and tickets booked by this audience are 3.5 times more likely to result in a chargeback. She also shared that last minute travel orders are riskier plus mobile orders provide data points that don’t exist in desktop orders (and vice versa). “Fraud measures that are not device-sensitive can lead to 50% drop off rates,” indicated Sophia. As for ATO, she mentioned that mobile devices tend to contain all account, payment information and rewards and mobile apps are a “fraudster’s gold mine”.


By Ritesh Gupta

Ai Team 

Ai Video: Collaboration – the best way to fight fraud

24th May, 2019


Merchants, including airlines, need to take a collaborative route to combat fraudulent activities such as financial fraud, account takeovers etc.

Jan-Jaap Kramer, Founder and CEO of FraudGuard highlighted the same during an interaction with Christopher Staab, Managing Partner, Ai Conferences at the 13th edition of Airline & Travel Payments Summit (ATPS) in Brighton, UK, held earlier this month. 

“I believe in collaboration (for fighting fraud) at every level,” said Kramer. He indicated that fraud prevention as a discipline has come a long way, considering that a fraud analyst used to be isolated from other departments within an airline. And now various sectors have realized the significance of jointly fighting fraud since one fraudster can have access to a customer’s credentials. And these can be used across a variety of retail sites or in other ways to commit a fraudulent activity. “So it is imperative for merchants to cooperate and fight in unison,” said Kramer.

There is no point in just passing the fraud liability to another company, or in garnering data to enable real-time risk assessment just for one’s own benefit. Rather, wherever organizations can share best practices and even data, they shouldn’t hold back and should go for a joint effort to fight this complex problem. This way merchants would be better aware of live and recent fraud transactions, chargeback monitoring, what to do when fraud is identified etc.


Ai Video: Gearing up for voice-based transactions

20th May, 2019

Voice commerce is transforming the way travellers search, browse and buy online.

Travel brands have been focusing on the utility of voice features/ assistants, keenly evaluating those aspects of a trip that are tedious, and how voice can make the experience better.

“We have witnessed great advancement in the manner in which one can communicate with voice assistants, their context being understood and being helped out (in various tasks),” said Rodrigo Sánchez Prandi, VP Product, dLocal, who added that the e-commerce sector is witnessing progress on the payments side, too. So from checking the status of a flight to amenities in a particular flight such as Wi-Fi to checking in etc., one can buy trip essentials as well.

Companies like Google acknowledge that designing conversations is quite tricky as human conversations are complicated.

Prandi fittingly referred to the significance of understanding the specific use case of voice search, and counting on contextualization to deliver the best possible experience. “If a traveller is looking for Madrid to London flight, it is important to come up with only a couple of options, rather than giving a user 20 options. There is a need to know the customer really well,” he said. Progress is rapid owing to the fact that these offerings are always getting smarter, delivering new capabilities. The more one uses Alexa or Google Assistant, the more they adapt to a speech type/ pattern, lexicon/ jargon, likings etc.

Some of the considerations that travel e-commerce players need to dwell upon:

• Creating a specific voice app like capitalizing on Alexa skills

• Difference between direct voice buys and open-ended voice searches

• Streamlining UX (for instance, Amazon Alexa recommends enabling users to initiate checkout on the website or mobile app, and complete the purchase via Alexa, or vice versa)

Ai Video: Are you ready for the PSD2 legislation?

13th May, 2019 

PSD2 or the payment services directive in Europe is being associated with a major change in payments and data protection. It is aimed at regulating payment collection and payment services in the EU and EEA. The PSD2 legislation came into effect last year, with full operational compliance to technical standards required by September this year.

It is a challenging phase for the entire payment ecosystem, says Laurie Gablehouse, Global Head of Travel Solutions, Ingenico ePayments, who was in Brighton, UK last week for Ai’s ATPS (13th ATPS Worldwide Event).

Laurie pointed out that the standards are still evolving, with a grasp of “80% - 90% of what needs to happen”. “(So) the timing is quite late from a technical perspective for everybody to be ready by September.” She recommended that merchants, including airlines, assess where this directive is going to be applicable and, accordingly, what the requirements are for the SCA (Strong Customer Authentication). The SCA requirement is for transactions between cardholders whose payment cards have been issued in the EEA and merchants located in the EEA. Exemptions include low value payments at the point of sale (to facilitate the use of mobile and contactless payments).

Ritesh Gupta





Ai Editorial: Assessing Aer Lingus' plans for a robust payment infrastructure

8th May, 2019

Aer Lingus recently chose to implement the Apple Pay solution on its mobile app. This payment offering was delivered as a part of the airline's new payments hub platform. Ai's Ritesh Gupta assesses how Aer Lingus is strengthening its infrastructure.


Consumers are being offered the option to shop via vocal assistants, tapping of their phones, QR codes...the list of new options is enticing. Technology is increasingly making it simple for shoppers to wrap up their tasks. To make the shopping experience complete, retailers are also looking at secure payment acceptance.

In an era where the number of ways in which a customer can pay has risen tremendously, facilitating such a wide variety of payment methods can be an arduous task for airlines. 

But airlines can't fall behind when it comes to embracing such trends in retail and commerce. A shopper doesn't differentiate between product categories. So be it for grocery, books or travel, they expect a similar experience. But a key question here is - are airlines nimble enough to facilitate a transaction via a mobile wallet in a specific market or via a new alternative form of payment?

"Airlines can’t easily support new payment methods because of the complexities of the systems while legacy systems are lacking robustness that would enable quick adoption of new payment methods," said Vojin Rakonjac, Head of Payment Solutions, Voyego.

Rakonjac asserted that there are several reasons behind airlines' lackadaisical approach when it comes to accepting new payment methods. It is owing to not aptly comprehending a shopper's expectations, not keeping pace with the current trends in mobile commerce/ e-commerce, and lack of technology readiness.

"Unlike other online merchants, airlines have a lot more systems and each performs its core tasks (inventory management, PSS, Reconciliation tools etc.) but there is no dedicated payment system," said Rakonjac. He further explained that, to make things worse, not all of an airline's systems are owned by the airline, so there are many 3rd party vendors to deal with. Because of this complexity, when an airline intends to introduce a new payment method, it needs to change a lot of internal systems to accommodate the data/ flows that are specific to that new payment method. This requires a lot of synchronization with internal departments and 3rd party vendors, and a lot of time and resources to add a new payment method.

"As long as there is no dedicated payment system that is taking on the complexities of the payments, there cannot be an agile environment – because all the systems are impacted," said Rakonjac.

Setting up a robust payment infrastructure

Selling an itinerary featuring multiple destinations or cancelling the same tends to be a complicated scenario for airlines. And this does have its repercussions on the payment side as well.

Rakonjac acknowledged the same and mentioned that payments in airlines are a bit more complex than in other industries.

He said, "For example, if you are buying a book, the worst that can happen is that you can issue a refund. With an airline it is not that simple. When you go to an airline's website, you can: make a booking, manage a booking (and change the contents of your basket many times between then and departure, which can be one year from then) and even make payments on Check-In (and still refund at the end if needed). So, for starters, payments in airlines are more complex than what you would find with a typical merchant."

He further added, "However, the biggest issue is not in the complexity of payments, but rather in the complexity of the systems. In order to create a robust payments infrastructure, you will need to make sure that each of the airline systems performs its core competency and to dedicate a single system that will perform payment-related activities. Currently, because there is usually a lack of dedicated payment system, all of the systems in airlines infrastructure contribute to payment-related processes in one way or another."

To build a robust payment infrastructure, a dedicated payment system is required. This system needs to cater for all the channels (web, mobile, kiosk, PoS, chatbot, voice etc.) as well as for all the business processes (call centers, airport operations, revenue accounting etc.).

"Once you release rest of the systems from payment-related activities and delegate it to one system, all of the channels and processes can work on top of the same data making it consistent. Once change is needed, you make that change in one system and they are instantly available to everyone," said Rakonjac.

While infrastructure is important, it is just one piece of the puzzle. A tailored payment infrastructure, together with an internal team structure in which multiple teams work in sync within an agile environment, paves the way for payment optimization.

Learning from Aer Lingus

Aer Lingus recently launched Apple Pay as a payment method on the Aer Lingus mobile app.

Sharing the experience on working with the airline, Rakonjac said, "Aer Lingus wants to lead in innovation when it comes to payments and follow the latest trends, so they bring more value to their customers. In order to do so, there were number of challenges to overcome in order to make a robust and future-proof system."

He added, "Firstly, it has to be made sure that one is not building a system that will cater for one payment method only – but rather think a bit into the future and predict possible scenarios. Secondly, one cannot overlook requirements of different departments. Knowing payments is one thing, but without knowing airline specific scenarios and needs of every department is completely different. Then, you don’t want to build a system that will be limited to a single PSP but to have a flexibility to work with any PSP if airline wishes to do so with minimum changes (and in some cases, you want to integrate directly with a specific Payment Method)."

Rakonjac also recommended dos and don'ts for introducing digital wallets or any new payment method:

  1. Make sure you support right payment methods for the regions you operate so they are relevant for the customers you serve.
  2. Wherever possible, pre-fill and automate processes so customer can have a seamless purchase experience and make sure that transition from different channels is as easy as possible.
  3. Don’t use some new technology or introduce new payment methods just because other airlines did. Make sure you have a valid reason to do so given many processes become exponentially more complex with the introduction of each new payment method.
  4. Don’t make any changes to the systems if you are thinking of a single wallet – always have a long-term strategy so you can make changes easier later down the road if needed.

Vojin Rakonjac, Head of Payment Solutions, Voyego is scheduled to speak at the ATPS about how airlines can transform the overall payment experience with their current infrastructure on 10th May, 2019.



Ai Editorial: Assessing the impact of PSD2 on e-commerce payments

19th April, 2019

Ai Editorial: The PSD2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment service providers, writes Ai’s Ritesh Gupta


The impact of PSD2 on e-commerce payments is being probed. This payment services directive in Europe is being associated with a major change in payments and data protection.

Merchants and other stakeholders are evaluating a number of issues. One of the key requirements of PSD2 relates to Strong Customer Authentication (SCA) that will be required on all electronic transactions in the European Union from September this year.

Also critical from a consumer’s perspective is how the shopping experience is going to be impacted.

The PSD2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment service providers. Stakeholders are evaluating many areas: What exactly are SCA requirements under PSD2? How are acquirers and PSPs gearing up to respond? How can digital merchants, such as travel e-commerce players, deal with stepped-up authentication requests as a result of SCA? How are transaction costs going to evolve?

Impact on CX

For any merchant, it isn’t easy to implement a move that adds friction to shopping. Many fraud prevention methods force a trade-off between maximising revenue and minimising fraud: with more rules, or the implementation of 2FA or multi-factor authentication, fraud rates can be lowered, yet more genuine customers will be blocked; on the other hand, with fewer rules and lax authentication to maximise revenue, merchants will be more vulnerable to fraud attacks. And now with PSD2, the SCA requirements will add further friction to the e-commerce payment process. A major question here is how to cut down on cart abandonment. “Merchants have to be proactive in understanding implications. For instance, evaluate the efficacy of direct debits – understand the scope of the SCA requirements, in which cases it is needed, and what the associated credit risk is?” recommended a source.

Payment specialists also need to assess scenarios where exemption to SCA is permitted.

SCA will require shoppers to validate themselves with at least two out of the following three methods:

  • Something they know  
  • Something they possess  
  • Something they are  

As explained by Worldpay, there’s no need to go through SCA for:

  • Trusted beneficiaries: merchants that are whitelisted by consumers
  • Recurring transactions: regular payments of the same amount to the same business
  • Low-value transactions: payments less than €30
  • Low-risk transactions: payments that have been assessed as low-risk in real-time

CardinalCommerce explains that the SCA requirement “is for transactions between cardholders whose payment cards have been issued in the EEA and merchants located in the EEA. To clarify, if a cardholder with a card issued in the U.S. buys from a merchant located in the EEA, SCA is not required (though an authentication solution is recommended). Conversely, if a cardholder’s payment card has been issued in the EEA and they make a purchase from a U.S. merchant, SCA is not required. These transactions are labeled “one-leg-out” and are out of scope for PSD2-SCA.” Another important aspect – the European Banking Authority “recommends exemptions for payment service providers (PSPs) that adopt risk-based requirements in lieu of strong customer authentication, which ensures the safety of the payment service user’s funds and personal data”.
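The scope rule, the exemptions and the two-of-three factor requirement described above can be combined into one decision, shown here as an added example that is not code from the article or from the vendors it quotes. The country subset, factor names and field names are assumptions made for illustration, and only the rules as stated in the article are encoded.

```python
from dataclasses import dataclass

# Assumption: illustrative subset of EEA country codes, not a complete list.
EEA = {"IE", "DE", "FR", "ES", "IT", "NL", "SE", "NO", "IS", "LI"}
LOW_VALUE_LIMIT_EUR = 30  # "payments less than EUR 30", as stated in the article

# Assumption: sample credentials mapped to the three SCA categories.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "phone_otp": "possession", "card_reader": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

@dataclass
class Payment:
    issuer_country: str            # where the card was issued
    merchant_country: str          # where the merchant is located
    amount_eur: float
    trusted_beneficiary: bool = False    # merchant whitelisted by the consumer
    recurring_same_amount: bool = False  # same amount, same business
    tra_low_risk: bool = False           # real-time risk analysis said low-risk

def sca_decision(p: Payment):
    """Return (sca_required, reason) using the rules listed in the article."""
    # Scope first: both legs must be in the EEA, otherwise "one-leg-out".
    if p.issuer_country not in EEA or p.merchant_country not in EEA:
        return False, "one-leg-out"
    if p.trusted_beneficiary:
        return False, "trusted-beneficiary"
    if p.recurring_same_amount:
        return False, "recurring"
    if p.amount_eur < LOW_VALUE_LIMIT_EUR:
        return False, "low-value"
    if p.tra_low_risk:
        return False, "low-risk"
    return True, "sca-required"

def factors_satisfy_sca(presented):
    """Two factors only count when they come from two different categories."""
    categories = {FACTOR_CATEGORY[f] for f in presented if f in FACTOR_CATEGORY}
    return len(categories) >= 2

if __name__ == "__main__":
    # Constructed sample transactions.
    print(sca_decision(Payment("US", "IE", 500.0)))
    print(sca_decision(Payment("IE", "DE", 250.0)))
    print(factors_satisfy_sca(["password", "pin"]))
```

A password plus a PIN fails the factor check because both are "something they know", which is the case a naive count of two credentials would miss.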

Another area to assess is 3-D Secure 2.0

From the industry’s perspective, 3-D Secure 2.0 will pave the way for a real-time, protected, details-sharing channel that merchants can use to send an unmatched number of transaction attributes, which the issuer can use without asking for a static password. Overall, it offers enhanced messaging with additional information for better decisions on authentication. As highlighted by specialists, enabling 3DS 2.0 is a way to meet the SCA-related requirements. A payments integration that supports 3DS 2.0 is an industry-standard approach to comply with the new EU laws.

The transaction risk analysis could be done in a couple of places: after the credentials have been supplied (to work out whether authentication was sufficient for the payment) or before prompting the user for credentials.

For shoppers, in many cases device information is enough to authenticate without an extra step for the customer. However, some transactions that carry higher risk, or that fall under regulations such as PSD2, require active approval. Specialists like Adyen have indicated that their respective 3D Secure SDKs help companies build these flows, and there are three primary types to consider: passive (the SDK and servers exchange all necessary information in the background, and the customer sees nothing); two-factor (the user is asked to provide a two-factor authentication code sent via email or SMS); and biometric (the SDK facilitates an app-switch to an issuing-bank app, where the user can use their fingerprint or face).

As for its implications, 3DS 2.0 has put a lot of pressure on issuers. According to Emailage, the advent of 3-D Secure 2 globally and SCA in the EU will stop online merchants paying for most card fraud. Card issuers will be challenged to authenticate their clients using new transaction data to which they have previously not had access.


Hear from senior executives about PSD2 at the upcoming ATPS (21st Century Customer Experience for Payments & Fraud - Airline & Travel Payments Summit) to be held in London (Brighton), UK  (7-9 May, 2019).
