The revised payment services directive, or PSD2, has played a big part in fraud management rules since its introduction in 2018.
With PSD3, however, payment service providers (PSPs) can use personal data to prevent fraud without asking each customer for permission, as long as it’s for stopping fraud. Now, more people and businesses involved in making and receiving payments, not just the banks, will play a key role in payment fraud prevention.
Important Changes With PSD3
PSD3 is changing things up from the earlier PSD2. Specifically, the ruleset will revise how we verify identities during the payment process.
PSD3 will allow participants in a transaction to use two two authentication factors from the same category to confirm your identity. This is in contrast to PSD2, which required two forms of verification in different categories (possession, knowledge, or inherence). These relaxed standards will make verification slightly less effective. However, it will remove significant friction and make payments easier.
Also, a successful idea from the UK and the Netherlands, called Confirmation of Payee, is going to be used in every market in which PSD3 applies. This means businesses and payment service providers have to be careful about checking who receives the money from a payment. This helps make sure you’re sending your money to the right person.
Fraudsters Targeting Vulnerable Touchpoints
Fraudsters are always looking for potential points of attack. It’s not just when you’re creating an account, or when logging in, but also when you change your account details, for instance.
If a fraudster gains access to an account, and changes your shipping address or phone number, they might then be able to hijack one-time password (OTP) requests. The scammer could undermine and defeat those stronger protections offered by two-factor authentication. This shows why online shops need to protect their customers every step of the way.
Customers are a weak point in the chain. That’s why teaching customers about fraud is super important. Sometimes, the easiest way for fraudsters to trick people is by talking to them directly during any online activity, trying to make them send money somewhere it shouldn’t go. Cardholder education needs to be upgraded to ensure that buyers know how to insulate themselves against attacks.
Online Shops Need to Step Up
Sharing data, and getting insights from different sources, is crucial for online shops to fight fraud.
Everything is connected nowadays. And, insight into a variety of digital interactions — everything from ATM withdrawals to online shopping — all in one place, helps us make smarter decisions.
To stop fraud, businesses need a big picture that includes digital, physical, and behavioral analytics, with data pooled from an incredibly broad range of sources. I’m talking about using information from a diversity of regions, product verticals, sales channels and models, delivery methods, and fraud response approaches. This will enable us to better fight complicated fraud and protect customers.
While many businesses use different tools and data to fight fraud, not many are bringing it all together to see the whole picture of risk. Using a mix of strategies that include fresh data from a worldwide group can help catch more fraud and make things safer without making it harder for customers.
This strategy also means we can focus better on points of greater risk. We can understand who we’re dealing with more clearly, and find possible fraud before it affects customers.