One of the most important new measures is data sharing. Under PSD3, PSPs will be allowed to process personal data without requiring explicit consent from the customer, as long as the information is used for fraud prevention purposes. We believe access to more accurate, more comprehensive data is critical to managing fraud risk and we’ve developed deep expertise in data sharing. Our consortium capabilities allow LexisNexis® Risk Solutions customers to share information to collectively fight fraud within the boundaries of GDPR and national data privacy regulations. This layer complements an organization’s local intelligence and the global shared intelligence harnessed through LexisNexis® Digital Identity Network®
, allowing organizations to make more accurate risk decisions and enhancing protection against fraud.
A significant shift from PSD2 involves SCA (Strong Customer Authentication), where PSD3 introduces the possibility to use two authentication factors of the same category. This measure simplifies the payments process but has the potential to weaken the standards of authentication.
Finally, the success of Confirmation of Payee in the UK and Netherlands will be adopted across the entire PSD3 jurisdiction. This will have a considerable impact on liability ownership. Third parties and PSPs will need to make sure they conduct transaction risk assessment and confirm who is the beneficiary of that payment. For instance, if we are initiating an instant payment and transfer funds to a third party, we should be able to verify the IPA account. Within Europe, the IBAN account number matches the owner’s name of that account, so this will protect the payer while giving greater confidence that they are paying the true beneficiary.
Which stage in the customer journey is the most targeted by fraudsters?
Fraudsters are not only targeting the conventional customer touchpoints of new account creation, logins and payments but also change of details events, according to insights from the LexisNexis® Risk Solutions Cybercrime Report 2022
. This emphasizes the need for ecommerce businesses to play their part in protecting the entire customer journey, as once the fraudster has the opportunity to change details, they could change the shipping address or phone number to illegitimately receive one-time passwords (OTP).
Investing in fraud education for customers is also a necessity. The weakest links in the chain are the customers themselves. During any digital touchpoint, there could be a window of opportunity for fraudsters to interact with legitimate customers and try to influence their behavior and their decision to make an unknown fraudulent payment.
How can ecommerce businesses streamline the payments touchpoint while ensuring fraud risks are kept at bay?
We understand the need to secure a payment with limited impact to customer experience is paramount for ecommerce businesses.
At LexisNexis® Risk Solutions, we can help identify risks and passively authenticate transactions before the payment is authorized. These security checks can occur without adding unnecessary friction before the payment, by passively leveraging transaction and identity data. So, if you are a PSP or a merchant, before you even send the transaction to a PSP to be authorized, you can leverage the data intelligence we provide to identify a purchaser’s behavior, the IP location and the amount of that transaction.
How should ecommerce businesses elevate their fraud prevention strategy in response to increasingly complex fraud challenges?
Data sharing, aggregating insights across channels, and using intelligence from global networks is key for ecommerce businesses.
Interactions today are dynamic, interconnected and instant. To help prevent fraud, businesses need context and insights that link customers across digital, physical and behavioral dimensions. By leveraging the intelligence from all available channels, as well as from different industries using a global repository of intelligence, we become better prepared to tackle complex fraud and events that could put a legitimate customer at risk. To be able to consider insights from all touchpoints, from ATM withdrawals to point of sale transactions, digital banking and card-not-present purchases in a single view, provides an enhanced level of decisioning.
Many organizations utilize a range of fraud intelligence and analytics but few are optimizing their fraud solution strategy to capture a holistic, unified view of risk. Businesses leveraging a multi-layered approach based on a unified view of physical, digital and behavioral identity will have the ability to respond more effectively to current and emerging fraud threats.
A multi-layered solution strategy that also incorporates near real-time event data from a global consortium will help improve fraud capture and deliver additional benefits such as:
- Strengthen security without sacrificing customer convenience
- Reinforce high-risk customer touchpoints with tailored, risk-appropriate assessment
- Enable identity assessment from a robust, networked perspective
- Proactively uncover fraud risk signals and anomalies before an identity enters the customer ecosystem
- Harness the power of global shared intelligence through LexisNexis® Digital Identity Network® and access data from billions of annual transactions across diverse industries