Banks that demonstrate low fraud rates will be able to offer friction-less customer experience by escaping legal requirement for extra authentication. 

Today marks the end of the European Banking Authority’s consultation on fraud reporting under PSD2. The upcoming Payment Services Directive – due to come into full force in January – has the sometimes competing objectives of facilitating innovation while also strengthening security and protecting customers.

New technology developments in the industry have been known to create sharp increases in the amount of fraud. Losses due to online banking fraud grew by 64 percent from £81 million in 2014 to reach £133.5 million in 2015. Yet, high levels of investment in fraud detection and prevention technologies by banks have now helped to reverse the trend – with losses falling 24 percent in 2016.[1]

The developments under PSD2 will require a new emphasis on tackling the issue. The number of payment service providers who have access to customer data will increase. A greater range of companies will become part of the transaction chain.

Whilst the PSD2 seeks to bring more frictionless transactions for customers, it also includes a legal requirement for payment service providers to use Strong Customer Authentication (SCA) if their fraud detection and prevention rates are not robust enough. Firms will pay a double price if fraud rates increase after PSD2, as they will be required to introduce more friction into the customer experience of payments.

As PSD2 opens up the transaction chain to more providers, Farida Gibbs, of technology consultancy Gibbs Hybrid, warns that banks will have to adapt their fraud detection systems, but can use their fraud prevention capabilities to deliver real competitive advantage.

Farida Gibbs, CEO of Gibbs Hybrid, comments: “As Open Banking creates increased competition in payment services, it will be increasingly important for banks to demonstrate low levels of fraud. SCA, which requires added authentication from the user and can result in customers searching for an alternative payment processor, which is able to process payments without this layer.

“Banks and other financial services firms have put a lot of time and effort into technologies behind fraud detection and prevention. Technology that enables a firm to pick up early warning signs of fraud and promptly send text and email alerts to customers, for example, has been very important in keeping losses to a minimum. And banks have had to implement this despite the challenges of legacy systems and outdated technology processes.

“Their success in reducing the level of fraud losses through online banking is testament to the forward-thinking work that is being done. This will become even more important as Open Banking approaches.

“The legal requirement to put in place Strong Customer Authentication (SCA) will create much greater friction for consumers, but those firms who are able to demonstrate outstanding fraud management will be allowed to use Transaction Risk Analysis (TRA) instead. This has the great benefit of being invisible to customers, introducing no further delays into their payments.

“Analysing transactions behind the scenes for unusual behaviour is not a new method, and is one that banks should be able to adapt to the demands of the new Open Banking environment. The stakes are high – if they can demonstrate success in this area, providers will be able to create a great customer experience for payments, whilst keeping security uncompromised.”

[1]https://www.financialfraudaction.org.uk/fraudfacts17/assets/fraud_the_facts.pdf