Achieve PSD2 Compliance Without Increased Customer Friction

Kount helps merchants comply with the PSD2 and SCA directives and take advantage of TRA exemptions, reducing friction without losing sales and enabling compliance at reduced cost.

How PSD2 and SCA Affect Merchants

PSD2, the second Payment Services Directive, requires merchants and issuers to implement Strong Customer Authentication to protect payments and customers.

PSD2 applies to every transaction where at least one party is located in the European Union.

Strong Customer Authentication and Friction

SCA requires two or more of the following independent authentication elements for all electronic transactions:

  1. Something the customer knows (e.g., your PIN)
  2. Something the customer has (e.g., your card)
  3. Something the customer is (e.g., biometric ID)

TRA Exemptions

Transaction Risk Analysis (TRA) identifies low-risk transactions under PSD2. TRA exemptions allow those transactions to bypass the SCA process. This enables a frictionless journey for low-risk customers who would otherwise experience unwarranted friction.

SCA exemption policies are based on the issuer’s fraud rates across their cards, and the acquirer’s fraud rate across their portfolio. PSPs must meet specific fraud thresholds tied to the value of individual transactions.

3D Secure 2.0

3D Secure 2.0 (3DS2) is the updated payment authentication protocol standard for online transactions. 3DS2 meets SCA requirements, and card brands have adopted the 3D Secure protocol into their services, which includes a liability shift for merchants.

However, without an effective fraud solution, 3DS2 can increase customer friction, lower conversion rates, and force merchants into high fraud rate programs.


Advanced Fraud Screening

To take advantage of TRA exemptions and avoid SCA where possible, transactions must pass a robust risk analysis, or fraud screening. PSD2 requires that this analysis include six elements to qualify as robust fraud screening:

  1. Abnormal spending or behavioral pattern of the payer
  2. Unusual information about the payer’s device/software access
  3. Malware infection in any session of the authentication procedure
  4. Known fraud scenario in the provision of payment services
  5. Abnormal location of the payer
  6. High-risk location of the payee

Using Kount to Meet SCA Requirements for TRA Exemptions

Kount provides the robust fraud screening required for Strong Customer Authentication, allowing merchants, insurers, and acquirers to take advantage of the TRA exemptions and avoid customer friction on low-risk transactions. By taking advantage of TRA exemptions, merchants can reduce friction for customers and increase conversion rates.

Requirements #1 and #2

Recognize and stop abnormal payer spending, behavior, and access.

Abnormal spending, behavior patterns, and anomalies in device or software access can indicate account takeover fraud. Kount meets these requirements through the following features:

Device ID identifies a unique device and associates it to a user, linking data that enables risk and trust-based user authentication policies.

Trusted Device stores information about the user and their devices, noting whether a device has been seen before and whether it can be trusted.

IP Risk identifies risky logins, where credentials don’t match the identity, and generates a risk score. If the IP risk is high, Kount challenges or blocks the device.

Multi-dimensional velocities look at variables to identify network locations, devices, and accounts.

Requirement #3

Identify malware infections in any session of the authentication procedure.

Kount identifies the attempts of a malware-affected device to spoof the identity of a customer and blocks risky users:

Device ID identifies virtual machines, emulators, or advanced fraud tools to block risky users.

IP Risk detection predicts risk from velocities, rules, and IP location, using the behaviors seen from the device or IP attributes in the Identity Trust Global Network.

Proxy analysis tool determines whether a router is communicating with other servers.

Requirement #4

Detect known fraud scenarios in the provision of payment services.

Kount detects known fraud scenarios by looking at transaction anomalies:

• Kount’s AI plus supervised and unsupervised machine learning detects known fraud scenarios and scores the risk through Kount’s Omniscore.
• Decisioning policies based on Kount’s AI Omniscore use policy parameters to compare past and present transactions and identify known fraud.
• Velocity policies can be set to trigger based on unusual recurring actions within a certain timeframe to highlight deviations.

Requirements #5 and #6

Identify abnormal or high-risk locations of the payer or payee.

Kount identifies and validates the attributes and locations of both devices and software in real time to ensure safe customer authentication:

• Device ID collects insights about a device associated with a specific user. It accurately identifies returning visitors based on their previously-used device parameters and location.
• The Identity Trust Global Network identifies and authenticates device and software information and location in real time to ensure safe customer authentication.

Kount Protects the Complete Customer Journey Along with 3DS2 Technology

Kount’s AI-driven digital fraud prevention technology and solutions reduce digital payments fraud and account takeover fraud, protect against chargebacks, and deliver personalized customer experiences.

By combining Kount’s industry-leading fraud prevention with 3DS2 payment authentication, merchants can remain in compliance with fraud threshold rates and take advantage of the chargeback liability shift. They can reduce overall costs by minimizing the frequency of 3DS2 authentication to achieve a greater reduction in false positives, manual reviews, and chargebacks. Kount and 3DS2 protect customers along the entire customer journey, reducing friction and providing a better customer experience.