Prepare for PSD3's New Anti-Fraud Requirements

What are the main requirements of PSD3?

The proposed changes outlined by the European Commission in 2023 will result in the existing PSD2 directive, being replaced by two new pieces of legislation across all EU member states: PSR1 (Payment Services Regulation) and PSD3. The new directive aims to level the playing field between banks and Payment Institution’s (PIs) and increase security. The most important proposals from the perspective of PSPs include:

1. Liability Shifts: A shift in the liability dynamics between PSPs and their customers, with the burden of proving fraud or gross negligence resting with the PSP. If a PSP fails to notify a payer of a mismatch between the unique identifier and the payee’s name during an authorized transfer, for example, the PSP will be financially liable for any losses that result. And if the payee’s PSP is at fault, it must reimburse the payer’s PSP.
2. Robust Fraud Monitoring: The new PSD3 draft proposal includes provisions for the exchange of fraud data between banks and PSPs to enhance fraud detection and prevention. It introduces specific liability requirements, fraud reporting mechanisms, and initiatives to raise Payment Service User (PSU) awareness. The directive allows PSPs to voluntarily share data such as user location, payment time, device used, spending habits and merchant details to identify emerging fraud trends and apprehend financial criminals. Additionally, there is a commitment from market stakeholders to improve customer education on fraud risks.
3. Streamlined authentication: The new PSD3 regulations will enhance the open banking checkout experience by eliminating multiple app redirections, simplifying authentication steps, preventing session timeouts and ensuring consistent user interfaces. Payments will be more seamless, not limited to trusted or domestic beneficiaries, with improved payment status and error messaging.

Security vs convenience

These are significant changes and PSPs should already be preparing for their introduction. The challenge is that the payments sector is highly competitive, and customers want convenience, speed and security – fraud prevention is not just a requirement, it has become an important differentiator for PSPs. The companies that will come out on top will be those that can simultaneously protect their customers (and themselves) from fraud and provide a frictionless, quality customer experience.

This does not have to be a trade-off between security and convenience – it is possible, with the right solution and approach, to achieve both. PSPs and fintech providers that can embed real-time, multi-layered risk assessment capabilities across multiple channels will be best positioned to stay ahead of their competitors.

Technology is the answer

Fortunately, technology is on our side – although we must acknowledge that we are in a fight where fraudsters are exploiting AI in increasingly imaginative ways – so are we. Our LexisNexis® ThreatMetrix® solution leverages artificial intelligence to accelerate risk-based decisions with automated, precise risk scores, by using supervised and unsupervised machine learning models that scale improved fraud detection and risk appropriate experiences at every stage of the customer journey.

At the heart of a successful solution is the understanding that risk assessment becomes much more efficient and effective if you really understand how a customer normally behaves – that means you can spot when something isn’t quite right. The ever-widening array of payment options – bank transfers, direct debits, instant payments, digital wallets, QR codes, online banking and more – make keeping track of ‘normal’ behavior a huge challenge, but powerful machine learning solutions provide the answer. ThreatMetrix® delivers a deep understanding of consumer payment behavior across all payment channels and methods, creating a comprehensive and continually updated digital identity for each customer.

This unique digital identity can encompass multiple payment instruments and create a truly frictionless and secure payment experience for customers. In the case of card-not-present transactions, for example, ThreatMetrix analysis allows PSPs to make seamless and accurate authorization decisions even before the authentication request is initiated. This means, in effect, that unnecessary 3DS challenges are not presented to legitimate customers – resulting in a far better experience for them, and lower costs associated with chargebacks and false positive flags for PSPs.

A multi-layered approach

In the fight against fraud, information is power. Meeting the new PSD3 requirements efficiently will require layered solutions across multiple dimensions, analyzing a vast pool of identity, transaction and behavioral insight and creating an accurate view of risk across each customer touchpoint. ThreatMetrix allows PSPs to harness intelligence related to devices, location, identity and past behavior to confidently distinguish between trusted and fraudulent actions.

The future is collaborative

With the payment sector innovating at speed, the question remains of how PSPs can continue to protect customers and meet their evolving needs in the future. ‘Invisible’ payments – where the payment process is completely automatic – are the ultimate aim, but this can only be achieved if the customer feels safe and trusts the process. In my view, that will require greater collaboration and data sharing between PSPs.

We are at the forefront of this movement with our extensive LexisNexis® Digital Identity Network®, a crowdsourced intelligence database aggregating more than 109 billion global transactions a year including logins, account openings and payments and 3 billion digital identities.

Our pioneering approach in data sharing not only enhances fraud detection but also establishes us as a trusted partner for confirmed fraud feedback and truth data. Collaboration between banking and non-banking players is essential as fraudsters become ever more determined and sophisticated in their approach. By joining our network, PSPs can access comprehensive, real-time insights and leverage our advanced AI and ML capabilities to ensure robust security while maintaining a seamless customer experience.

Conclusion

As PSD3 approaches, PSPs must prioritize the integration of advanced security measures and collaborative practices. The key to thriving in this new regulatory landscape lies in leveraging technology to provide secure, efficient, and user-friendly payment services. By doing so, PSPs will not only comply with regulations but also gain a competitive edge.