Internet use has grown exponentially in the past decades and has impacted our lives, especially how we make payments.
While these changes are welcome, they carry potential security problems that can wreak havoc on payments. To keep pace with the rapid evolution in the payment industry, the European Union revised the Payment Services Directive (PSD) to PSD2.
This guide explains what PSD2 is and what it means for consumers and merchants.
PSD2 is a European rule for electronic payment services. The original version was approved in 2007 to build a single market for payments in the European Union and European Economic Area. The directive made payment processing easier, allowing the entrance of new payment service providers.
In 2013, a proposal for PSD2 was published with the intention of:
These goals affect third-party access to customer account information and customer authentication. To improve customer protection, PSD2 has stronger requirements for online payments, including multi-factor authentication (MFA).
On the innovation and competition front, third-party players can now access consumer data from their financial institutions using APIs, provided they have customer consent. As a result, two new types of service providers were defined:
Payment Initiation Services (PIS) are simply online payments that include entering banking details to make online purchases. The PSD2 Directive forces banks to share customer data with authorized third-party payment solutions with customer consent. Consequently, new players, Payment Initiation Service Providers (PISPs), can enter the market.
PISPs function like intermediaries between merchants and financial institutions. They allow direct transfers (with consent) from a customer’s bank account to a merchant through APIs.
Account Information Services (AIS) are a key part of PSD2, enabling businesses and consumers to share information with third-party players.
With customer consent, Account Information Service Providers (AISPs) have access to the customer's bank account data, including account balances, transactions, standing orders, and direct debits. With all this data, AISPs offer consolidated views of consumer payment accounts.
Although PSD2 gets rid of banks’ monopoly over customer account information, it doesn’t mean they are out of the game. PISPs and AISPs cannot operate as banks as there are services they cannot legally offer.
All companies dealing with electronic financial services need to be PSD2 compliant. To achieve this, they have to meet several requirements that vary depending on the business type.
The entrance of third-party payment service providers adds entry points to transaction chains. While these entry points provide convenience, they are also potential weak points in transaction chains that fraudsters might exploit. To improve consumer protection and lessen fraud, PSD2 enforces Strong Customer Authentication (SCA).
The key component of SCA is multi-factor authentication, where consumers confirm their identity through independent methods. These methods draw on something a consumer is, knows, and owns, such as fingerprints, PIN codes, and tablets.
However, some transactions in the EU or UK are exempt from SCA. These include:
PSD2 implementation was smooth for most parties, probably because sufficient compliance time was allowed. But even then, PSD2 adoption has impacted merchant operations in several ways:
It is challenging to ensure a great customer experience, and PSD2 implementation made it harder. Consumers value security, but they also value smooth delivery of service. Merchants are constantly struggling to develop ways to deliver frictionless experiences, especially since the new security requirements are prone to create friction.
SCA protocols are a good step in ensuring the protection of all parties involved. However, merchants have difficulty implementing these security requirements without negatively impacting the customer experience due to added friction.
According to the Fair Credit Billing Act in the US and Section 75 of the Consumer Credit Act in the UK, consumers have the right to charge back debit or credit card transactions. However, with PISPs, transaction disputes are different. Since they aren’t debit or credit card transactions, there’s no assurance the service provider will reverse the transaction amount in case of a dispute. As such, customers are wary of third-party payment solutions, which is bad for business.
Merchants transacting with consumers in the European Union are affected by PSD2 regardless of where they are located. For instance, merchants operating from North America must abide by some PSD2 regulations to acquire customers in the EU.
With the SCA implementation requirement for PSD2 compliance, many merchants turned to 3D-Secure 2.0 solutions. Although this worked, implementing too many safeguards simultaneously has side effects, including authentication failures.
Enhanced security is great, but it can lead to unnecessarily lost revenue. The friction that the original 3DS added to the checkout process led to many more abandoned shopping carts. The development of a “frictionless flow” for low-risk customers in 3DS 2.0 reduced the revenue lost to abandoned shopping carts, but the problem still exists.
Regardless of how PSD2 upsets merchant operations, the directive is here to stay. To get ahead of the game, merchants have to change and adapt.
Transaction friction caused by PSD2 can be grouped into negative and positive friction. Positive friction creates reasonable fraud barriers with minimal impact on customer experience, while negative friction slows down transactions and leads to cart abandonment without necessarily reducing fraud.
Understanding the difference between the two and which to focus on implementing can help merchants remain PSD2 compliant without grossly affecting their bottom line.
Yes, SCA requirements under PSD2 add transaction friction, but with positive friction practices, merchants can be compliant while keeping lost customers to a minimum.
PSD2 regulations unwound the banks’ monopoly on customer data, opening the door for third-party payment service providers in the EEA payments market. The increased competition will foster the creation of new financial solutions beyond the payment industry.
For more information on PSD2 and other related topics, contact us or visit the Justt blog. As a leading chargeback mitigation solution, Justt can help you manage the volume of chargebacks that come through as you work to remain PSD2 compliant, while reaping a profit.