Our latest insights

PSD2: Enabled but not yet excelling

Share this post

Share on facebook
Share on linkedin
Share on twitter
Share on email
PSD2: Enabled but not yet excelling

Issuer readiness and stability

In order for a transaction to be compliant and successful the Issuer and Acquirer domain both need to enable SCA and apply the 3DS2 protocol. Due to the mandated adoption of 3DS 2, UK issuers have seen an increase in 3DS 2 transactions into their platform. This is adding challenges when it comes to response times, scalability and stability. The data on Netcetera’s platform is in line with the schemes reporting an increasing number of 3DS2 transactions and this will only increase once the UK goes fully live. This is likely to put additional strain on Access Control Server (ACS) providers and lead to potential outages.

A reason for these outages can be attributed to some ACSs lacking major overhaul and scalability since 3DS was introduced in 2000. Changes made in the last 21 years to the protocol have been added onto what are now archaic systems lacking flexibility. As a result of these outages large merchants have reported looking to the schemes stand-in service as alternatives to ensure transactions are not affected. This however comes at additional cost and is not widely implemented, therefor this can merely be a temporary workaround that lacks sustainability.

Navigating the exemption jungle

Up until now merchants have benefitted from the UK ecosystem using sophisticated Risk Based Authentication which allowed them to keep challenge rates to cardholders low. With the pending deadline this is not an option anymore as bypassing SCA will lead to higher declines on transactions from issuers.

Now that the increasing volumes have brought the first issues to light, it would benefit merchants and acquirers to look at SCA exemptions based on their portfolio of cardholders and customers to eliminate friction to the cardholder where it is not needed.

SCA exemptions are defined based on the level of risk, amount, recurrence and the payment channel used for the execution of the payment. These exemptions allow PSPs to achieve the right balance between convenience of the payment experience and fraud reduction.

Data from Netcetera on SCA exemptions so far show that Transaction Risk Analysis and Low Value Payments are the most adopted² (87% for TRA and 11% on Low Value according to Netcetera figures) and it will be interesting to see the impact of further exemptions introduced in version 3DS 2.2 such as recurring transactions, merchant whitelisting and delegated authentication.

The road ahead

With Brexit in the rear-view mirror and the world looking to get back to normal there is an added incentive to ensure issuers, acquirers and merchants are ready come September. Sectors that rely heavily on ecommerce such as travel and hospitality will also look to benefit from 3DS 2.x. The key differentiator in readiness is defined as having the motor running or to have it finely tuned for maximum performance. A prime example of this would be exemptions being enabled on the issuer and acquirer side to see proper results in successful transactions.

Now more than ever, the results in testing have exposed a need for 3DS solutions to be flexible and modular in order to fit into a hierarchy of existing fraud strategy and authentication providers. Initially this would be an investment but is more sustainable than dealing with fraud, scheme fines or an abnormal rate of declines.


1 D. Jordaan, SCA Performance – April 2021, Available at: https://www.linkedin.com/pulse/sca-performance-april-2021-dean-jordaan?trk=public_profile_article_view

2 Netcetera (2021), Webinar: PSD2 SCA being effective – First results,observations and recommendations, Available at: https://pnt.netcetera.com/20210324_PSD2_results

More To Explore

Login or Register

Don't have an account?

Are you part of the Payments Association community?

Not yet set up your login for the Payments Association Community Platform? Set it up now

Set up a free account for instant access to our content

You don’t need to be an Payments Association member to view the majority of our content. Simply enter your details below once to set up your login details and get access to our library of whitepapers, podcasts, consultation papers, webinars and more.

First Name*
Last Name*
Company Name*
Job Title*
Business Email Address*
Confirm Password*
The Payments Association exist to help drive the industry forward. As such the Payments Association may contact you about any future content or events that we think you may have a legitimate interest in. We will store your information securely and will never share your details with third parties other than the relevant resource(s) sponsor(s)/curator(s). You may opt out at any time. By clicking register you are agreeing to the terms of our Privacy Policy.

← back