How to beat fraud and be PSD2 compliant with NetGuardians
NetGuardians’ state-of-the-art fraud mitigation solution not only accurately analyzes the risk of every bank transaction but also makes fraud reporting simple, helping banks meet the key fraud requirements of PSD2, writes Sandy Lavorel
Banks across Europe have less than a couple of months left to prepare for the second Payment Services Directive (PSD2), which comes into force on the 14th September 2019. If what we are seeing is anything to go by, many still have plenty of work to do, particularly when it comes to the directive’s fraud-mitigation obligations.
The good news is that technology from NetGuardians allows banks to perform accurate transaction risk analysis in real time and satisfy their obligations without adding friction to transactions, thereby maintaining a good customer experience. In fact, our award-winning fraud mitigation software is already used by more than 50 Tier 1 to Tier 3 banks. So if you’re not one of those, here’s what you need to know.
PSD2 will allow customers to grant third-party providers access to their bank data so they can offer new ways to pay for things and new services. However, the risk is that it might be easier for fraudsters to get hold of that data, increasing the opportunities to commit fraud.
A deeper glance at the new regulations to mitigate fraud
To protect customers and banks, the European Parliament and the European Banking Authority have imposed several stipulations. These include reporting of statistical data on fraud at least once a year and the application of a strong customer authentication (SCA). For the first time, there is a written requirement that banks “reduce to the maximum possible extent the risk of fraud” by having “transaction monitoring mechanisms in place that enable them to detect unauthorized or fraudulent transactions”.
First, fraud reports must include information such as the number of attacks, successful and not, the amount lost to fraud, timing and destination/origination of the fraud and more.
Second, the SCA demands at least two of three types of authentication for electronic transactions.
These categories are:
- Knowledge – something only the user knows, such as a password
- Possession – something only the user possesses, such as a card reader or token
- Inherence – something unique to the user, such as biometric data
While these precautions might help to reduce fraud they add considerable friction to any transaction, which undermines the customer experience. Banks that can’t minimize this friction risk losing customers.
There are, however, several exemptions to avoid the negative impact of SCA – some more straightforward than others. The straightforward include electronic remote payments under €30, contactless card payments under €50 and payments made electronically at transport hubs, such as train stations, as well as parking meters.
Significantly, but less straightforward, SCA is also exempt for low-risk transactions – when the bank is confident the transaction is posing a low level of risk. For instance, if a customer is always traveling around Europe, transactions within the continent are not necessarily suspicious. But a payment made out of Europe is out of the profile of the client and would receive a high-risk score, alerting the bank, which can then decide how to react and whether to trigger SCA.
This is where the NetGuardians’ fraud solution comes in. It uses artificial intelligence and machine learning to build up ever-evolving, 360-degree customer profiles. Each time a customer makes a transaction it is compared against the profile and given a risk score. Armed with this solution, banks can take full advantage of the exemption for low-risk transactions, thereby avoiding unacceptable friction with customers.
With NetGuardians’ solution, banks will be able to:
1) Track fraud attacks and provide transaction information (amount, timing, beneficiary and more) to generate fraud reports in the format required by PSD2.
2) Be PSD2-compliant in terms of transaction monitoring mechanisms and transaction risk analysis, confident in the risk-scoring of transactions so those that are low-risk can avoid SCA.
For banks concerned about the September deadline, there’s more good news. The solution has pre-connectors for the major core digital-banking platforms, so installation isn’t an expensive and hugely time-consuming project. And our smarter artificial intelligence solution empowers our clients by providing AI technology together with contextual information and great user experience. So banks looking to become PSD2 compliant in terms of fraud need look no further.