Ewoud Barink is a Business Development Manager at Worldpay. He specialises in blockchain and cryptocurrency eCommerce payments. Here, he answers the key questions on how the final implementation of PSD2 will affect crypto exchanges.
Since it became law in January 2018, has had a significant impact on the practices of payment service providers – and crypto exchanges/brokers are no exception. The legislation has already started to affect everything from the way crypto customers pay online, to the information they see when making a payment.
It’s also increased innovation potential for payment providers and put an end to surcharging. But an additional challenge will come in September, when the final stage of PSD2 is implemented. Read on to find out how this could affect your crypto exchange.
What’s the main challenge for crypto exchanges?
From 14 September, Strong Customer Authentication (SCA) will be required for all electronic transactions in the European Economic Area. SCA essentially means 2-factor authentication, meaning that consumers will have to put in extra security information to buy crypto – or anything else online – in Europe.
This should help to lower fraud and increase security for customers buying crypto with their card. It could also have an uplifting effect on the sometimes challenging authorisation rates we often see in the crypto industry – as issuers will have higher confidence in a transaction if it is fully authenticated. However, the more information you ask a customer to provide during payment, the more friction you add to the payment process, which does mean you’re risking a spike in dropouts.
How can crypto exchanges overcome this challenge?
The main method for performing SCA on card transactions will be 3D Secure (3DS) essentially this will become a requirement for every online merchant after September. The good news is that 3DS is being upgraded and improved with the release of 3DS2, which will provide your customers with the most seamless authentication experience possible.
If the issuer does decide to challenge the cardholder to authenticate themselves (hopefully in less than 20% of cases), with 3DS2, there are lots of new ways to complete the authentication, including using biometrics, one-time passwords or the cardholder’s mobile banking app.
Are there any ways to avoid fully authenticating every EEA transaction I receive?
There are a number of SCA exemptions available as part of the new requirements. Transactions that are considered low-risk, based on a real-time risk check, aren’t subject to SCA. This method can be used on transactions up to 500 euros, depending on the fraud rate of your acquirer.
Low-value transactions of less than 30 euros are also exempt from SCA, while the same goes for ‘whitelisted’ transactions – those with repeat customers who tell their issuing bank that they trust your site.
Using exemptions can help provide your customers with a frictionless payment experience, and can reduce the costs that the new levels of authentication are expected to bring. For these reasons, consider putting an exemption strategy in place as soon as possible.
At Worldpay, we’ve built a brand new service (Exemption Engine) that will help you maximise the number of SCA exemptions you can request – saving you money and helping you to retain a frictionless payment journey.
Will PSD2 create any new opportunities for crypto exchanges?
While 3DS2 will make authentication much slicker, ultimately PSD2 may add more friction than we see today when paying for crypto on cards. This means that one of the by-products of SCA may be that alternative payment methods will become more popular, especially eWallets. Although alternative payment methods will also be subject to two-factor authentication from September, many of them are already compliant with this rule, will not need to make changes to their checkout and offer a very frictionless overall experience.
As a Crypto exchange, you can capitalise on this opportunity by offering your customers a greater selection of alternative payment methods. Exchanges who provide the most convenient ways for people to purchase crypto will likely gain customers and strengthen their position in the market.
If you’re only offering card payments, we strongly recommend implementing 3DS2 (via 3DS Flex) into your payment flow. Using 3DS1 generally sees 22% of transactions abandoned by the customer. With the roll out of 3DS2, card schemes are introducing new rules that require retailers to keep transaction abandonment rates below a 5% threshold. Essentially putting measures in place to ensure tighter security checks do not deter customers from completing transactions online.
When 3DS2 is used, card schemes have informed issuers that authorisation rates should be 95% or higher – which is great news for crypto exchanges and their high transaction values.
I handle a lot of crypto-to-crypto payments. Are these affected by PSD2?
Cryptocurrencies are outside of the scope of PSD2 – unless a credit or debit card is involved – so SCA does not need to be applied to crypto-crypto transactions.