Payments down 20% in my SaaS after EU introduced PSD2

85 points | rokkk | 4 years ago | globalbankingandfinance.com

117 comments

[+] Denvercoder9|4 years ago|reply
This article would be significantly better if it introduced what PSD2 and 3DS actually are, for those unaware of the abbreviations.

PSD2 - https://en.wikipedia.org/wiki/Payment_Services_Directive#Rev...

3DS - https://en.wikipedia.org/wiki/3-D_Secure

Furthermore, I want to note that the author works for a company that sells products that "eliminate unnecessary 3DS friction" (in their own words).

[+] Matthias1|4 years ago|reply
I found those links slightly difficult to understand. Am I correct in summarizing these definitions as follows?

PSD2—The EU law requiring your bank/card issuer to establish SCA for online purchases.

SCA—Strong Customer Authentication: something in addition to a credit card number, e.g. your bank account password, a mobile push notification, an SMS code.

3DS—3-Domain secure, the protocol used by online merchants to communicate with the bank in order to establish SCA. This seems to be complicated by the fact that most banks aren't implementing this protocol themselves, but using a third party. So you get redirected to the website of that third party in order to authenticate a transaction.

[+] hinkley|4 years ago|reply
The tribal knowledge on this one is thick as molasses.

> On 8 October 2015, the European Parliament adopted the European Commission proposal to create safer and more innovative European payments (PSD2, Directive (EU) 2015/2366). The current rules aim to better protect consumers when they pay online, promote the development and use of innovative online and mobile payments such as through open banking, and make cross-border European payment services safer.[10]

> An important element of PSD2 is the requirement for strong customer authentication on the majority of electronic payments.

[+] morpheuskafka|4 years ago|reply
> The first thing that can reduce conversions is the higher rate of 3DS triggered user abandonment. Since many consumers are not familiar with the 3DS process, there is a higher chance of abandonment during the authentication process.

This would presumably go away once PSD2 is fully implemented and all purchases require it, which is a benefit of requiring it by law rather than letting merchants choose whether or not to require it. Requiring it is a common good in the sense that it reduces the economy's overall loss due to fraud.

Additionally, as the article mentions, using 3DS shifts liability for "charge not authorized" disputes from the merchant to the bank. Thus, the decreased rate of conversions must be compared against decreased losses due to chargebacks.

[+] globile|4 years ago|reply
It quickly gets complicated. There are many more variables to take into account.

- SCA exemptions
- Prepaid cards (with no built-in 2FA support)
- Banks in less developed markets (no 3DS)
- "We encountered a 3DS processing error" is a common nondescript message which occurs with international payments

For regular merchants, the decrease in conversion (double digit) is VERY far away from any improvements in chargebacks. Bear in mind that most merchants need to stay below 0.75-1% chargeback regardless of conversion/decline ratios.

EDIT: Spelling

[+] razius|4 years ago|reply
I agree, the change needs to be viewed overall. The liability shift is a godsend, it also decreases customer support contacts to verify if the order is fraud or not.

Also, paired with 3DS2's frictionless flow we actually saw a small uptick.

[+] hocuspocus|4 years ago|reply
So, some VP at a fraud prevention company recommends that merchants avoid using 3DS and use a fraud detection platform instead, got it.

I don't know if we can find better data somewhere else but I would assume that abandonment rates will decrease thanks to PSD2:

- SMS tokens are finally on their way out; more and more people are installing their bank's mobile app, which is used as the second factor (you get a push notification, you have to unlock and accept the transaction).

- We'll see some harmonization across EU/EEA merchants. No more cases of "the German website doesn't trigger 3DS but the French one does".

[+] TazeTSchnitzel|4 years ago|reply
Here in Sweden, some major banks already refused to let you do card transactions without SCA/3DS, before PSD2 was even passed. As a result, PSD2 finally being implemented is a welcome relief for me, because those annoying services that would always cause a card decline are now being forced to show a 3DS prompt instead. That prompt is also pretty convenient here because of the wide deployment of Mobile BankID.

(The experience before was: pray this merchant supports 3DS, discover that it doesn't, fish out your phone and open mobile banking, authenticate with mobile banking, find and use the toggle that temporarily allows non-3DS transactions. Now I just bring up the authentication app when prompted.)

[+] withinboredom|4 years ago|reply
> which is used as the second factor (you get a push notification, you have to unlock and accept the transaction).

This breaks more often than you'd think. I'm still locked out of Facebook on one device because I can't seem to receive the unlock notification and I'm terrified to reinstall Facebook on my phone and then be actually locked out. I'm not a fan of Facebook, but it's the only way to contact some of my friends/family these days via video.

I've also had similar issues with actual banks where the notification appeared and I accidentally tapped "decline" or even dismissed the notification by accident. I've also never received them (mostly with ~Transfer~Wise). Edit to add: I've also been too lazy to walk to the phone charger to press "accept" and just given up.

I think it's a pretty well known phenomenon in ecommerce that the more "clicks" you add to checkout, the lower the percentage of people that will make it to the end. I don't see this decreasing cart abandonment at all.

[+] summm|4 years ago|reply
These apps are worse. Each of them has its own horrible interface and horrible surveillance functionality. For Android they usually check if you have an officially sanctioned and non-rooted Google phone. If I wanted to be patronized by the phone manufacturer, I would buy Apple... I indeed do want to have full control over my phone. It is a freedom we are gradually losing. RMS was right all along... But of course they do not care about actual security, that is, whether your phone has a current security patch level. So for old phones with no official patches you can't even install Lineage and you're worse off.

[+] Macha|4 years ago|reply
So the effects of PSD2 I've noticed:

1. My bank now _requires_ SMS 2FA for many actions like logging in, viewing transaction history > 1 month, or making purchases online.

2. My bank has killed their mobile web page in favour of their app. The desktop web page still works, but if you try to visit it with a mobile UA you still get told to use the app.

3. Not 100% sure this is PSD2 related, but my bank have made their password policies less... dumb. It used to be max 8 chars, case insensitive, anything longer was silently truncated. In addition, the signup form used to allow alphanumeric characters, but the change password form only allowed alphabetical.

4. Presumably because of 1, they now no longer randomly decline transactions to smaller vendors. They used to then send you a text asking you to phone the fraud department to clear it. The first couple of times, I thought the text _was_ the fraud.

Now, it's entirely possible my bank have just misinterpreted what's required of them; their prior actions show they aren't the most technically competent, but that's not what they were chosen for.

[+] sib|4 years ago|reply
> more and more people are installing their bank's mobile app, which is used as the second factor (you get a push notification, you have to unlock and accept the transaction)

Great - so much for those times where I've been traveling internationally, been able to make a purchase using a web page hosted on a shared computer or one owned by a companion, but don't have mobile phone access to get a push notification.

Thanks, regulators!

[+] bjohnson225|4 years ago|reply
> some VP at a fraud prevention company recommends merchants to avoid using 3DS and use a fraud detection platform, got it.

Yeah, if PSD2 had an impact as dramatic as the article says then there would be a massive amount of noise from all EU/UK retailers. Instead we get an article from somebody with something to sell.

[+] pmontra|4 years ago|reply
SMS are not much on their way out. I just got an OTP via SMS for an online credit card payment. Then I had to insert my secret PIN too. Friction friction friction.

Some banks authorize operations with their apps: it's either fingerprints, PINs or codes by SMS. Usually a combination of two of them. One bank also requires a kind of captcha. Of course I'm hating all of this. I wish they'd pay me for the extra work.

We were better off when things were worse /s

[+] andraz|4 years ago|reply
If Mastercard or Visa did an app that would work across all of their cards, that would be ok. But how can a separate app from each bank be considered better than SMS? It's just an annoying lock-in. And the quality of apps from many banks is sub-par.

[+] pjmlp|4 years ago|reply
The main issue with SMS tokens going away is all those people, especially elderly ones, who are now forced to buy a phone they cannot understand how to deal with.

Just like the clever idea some cities have had to initially only offer COVID vaccination appointments over their website.

[+] estaseuropano|4 years ago|reply
100% agree, this is self-interested drivel with nonsense data and no actual evidence. The intention is to sell their product.

[+] dr_faustus|4 years ago|reply
EU did not "introduce" PSD2 this year, it was/should have been in effect since Sept 2019!

However, the member states (and therefore the EU) have cut the banks an inordinate amount of slack to get their shit together, even though they have been heavily involved in the writing of PSD2 and had since 2015 (!) to implement everything. Here in Germany, in September 2019, which should have been the hard end of a one-year grace period, practically no bank actually had a working PSD2 API or had implemented two-factor authorization properly.

So all the whining about PSD2 six years after it passed is ridiculous. Everybody had plenty of warning and time to get their site prepared and checkout processes optimized. And quite frankly, unless the author of the article is running some kind of one-click order scam, I find the drop of up to 50% in conversion highly unlikely. From my experience with dozens of e-commerce sites, the drop is negligible. And considering the rampant credit card fraud, 2FA was long overdue.

[+] WesolyKubeczek|4 years ago|reply
The practical outcome looks more like:

→ Customers who have had their card on file will fail the next subscription payment. Many are going to discover they have been paying for months/years for something they didn't really need, and walk away.

→ Incorrect 3D-Secure integration will cause payments from EU to fail straight away. Even some payment gateways didn't understand how it worked back when the enforcement loomed for the first time, and this is literally their job. The solution is to read the documentation carefully and fix your stuff.

It's a misconception that people are going to get confused by PSD2. We in Europe, depending on the bank, have had it for two years now. We got used to it and if we really want to pay, we will.

[+] Aerroon|4 years ago|reply
>It's a misconception that people are going to get confused by PSD2. We in Europe, depending on the bank, have had it for two years now. We got used to it and if we really want to pay, we will.

When a (random) app opens a bank login page for me and asks me to type in my bank login information in a third-party app, then that very much does confuse me. That's one of the ways people get scammed through phishing attacks. And now this is effectively mandated by law.

I've definitely chosen not to pay for a few things, because I didn't trust the app enough with my bank's login information. With a credit card I could easily dispute false charges. With bank authentication, I doubt it'll be as easy.

[+] bjohnson225|4 years ago|reply
Subscription payments are exempt. Only payments initiated by the customer require authentication.

[+] estaseuropano|4 years ago|reply
Consumer protection legislation protecting consumers. I don't see the issue.

> Since many consumers are not familiar with the 3DS process, there is a higher chance of abandonment during the authentication process. Users may also choose to abandon a transaction simply because there are additional steps to complete, giving them more time to contemplate their purchase.

The data here is not really provided, so we have no way of verifying what they are stating, e.g. simply that conversion in Germany went from 80%+ to 40%+ just due to PSD2 requirements to verify identity. 50% of consumers stop their purchase because they have to verify their CC? That seems absurd.

If the reason, as cited above, is unfamiliarity, this means it is a purely temporary impact. If it's birthing issues of implementation, that too should be temporary. If consumers stop their buy due to reflection or realising that they don't trust the shop, that too is a good thing.

[+] WesolyKubeczek|4 years ago|reply
Then make your service compelling enough for me to go through the motions of confirming the payment in my banking app.

Or integrate with Android Pay/Apple Pay.

Cry me a river, but I'd rather be in control of who gets to withdraw money from my card, and how much.

[+] codethief|4 years ago|reply
I absolutely hate 3DS, for two reasons:

1) I now have to do the 3DS procedure for amounts as small as 1,80€

2) My bank's 3DS "website" requires me to enter my online banking PIN (the one for my entire account, not just my credit card PIN!) and since that website gets opened in an Android WebView I can't even be sure that the app invoking the WebView doesn't actually obtain my PIN through a key logger. Fantastic.

[+] opheliate|4 years ago|reply
I’ve personally always found 3DS a bit worrying from a security POV. I’m sure much smarter minds than mine designed it, and had reasons for doing so, but I’ve seen it implemented in iframes on websites I use before. It really doesn’t seem to encourage good security practices in normal users where they’re being encouraged to enter their bank password when the URL they see doesn’t match. Plus the URL itself often refers to Arcot, the company who make 3DS, rather than the bank whose branding is all over the page. Very weird.

[+] bjohnson225|4 years ago|reply
1) could be a bad implementation from the merchant. There is an exemption for low value (<€30) transactions and you can do five low value transactions before needing re-authentication.

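
The low-value exemption bjohnson225 describes here, together with the merchant-initiated (subscription) exemption bjohnson225 mentions earlier in the thread, as an added example that is not code from the thread or from any bank or PSP. The per-card counter, the `PayerState` model and the sample amounts are constructed for illustration; the thread gives the limit as under €30, while the delegated regulation phrases it as "does not exceed €30", so the check below uses `<=`.

```python
from dataclasses import dataclass
from decimal import Decimal
from enum import Enum


class Decision(Enum):
    OUT_OF_SCOPE = "merchant_initiated"     # later subscription charges: no SCA
    EXEMPT_LOW_VALUE = "low_value_exemption"  # issuer may skip the challenge
    CHALLENGE = "sca_challenge"             # send the payer through 3DS


# Limits as stated in the thread: low value is under/at €30, and at most
# five consecutive exempted payments before the issuer must re-authenticate.
LOW_VALUE_LIMIT_EUR = Decimal("30.00")
LOW_VALUE_MAX_CONSECUTIVE = 5


@dataclass
class PayerState:
    """Counter an issuer keeps per card between SCA challenges (constructed model)."""
    exempt_since_last_sca: int = 0


def decide(state: PayerState, amount_eur: Decimal,
           merchant_initiated: bool = False) -> Decision:
    """Issuer-side decision for one remote card payment.

    Updates `state` the way the regulation's counter works: an exemption
    extends the run, a challenge resets it. Assumes the challenge succeeds;
    a failed challenge would decline the payment and leave the counter alone.
    """
    if merchant_initiated:
        # The mandate was authenticated when the card was first stored; the
        # follow-up charges the merchant initiates are outside SCA's scope.
        return Decision.OUT_OF_SCOPE
    if (amount_eur <= LOW_VALUE_LIMIT_EUR
            and state.exempt_since_last_sca < LOW_VALUE_MAX_CONSECUTIVE):
        state.exempt_since_last_sca += 1
        return Decision.EXEMPT_LOW_VALUE
    # Either the amount is above the limit or the run of exemptions is used up.
    state.exempt_since_last_sca = 0
    return Decision.CHALLENGE


def run_sequence(amounts: list) -> list:
    """Replay a constructed series of customer-initiated payments on one card."""
    state = PayerState()
    return [decide(state, Decimal(a)) for a in amounts]


if __name__ == "__main__":
    # Constructed sample: six small payments, the sixth one trips the counter.
    for amt, d in zip(["5.00", "10.00", "29.99", "1.80", "12.00", "3.00"],
                      run_sequence(["5.00", "10.00", "29.99", "1.80", "12.00", "3.00"])):
        print(f"{amt:>6} EUR -> {d.value}")
```

The €1.80 case from codethief's comment still sits inside the exemption here, which is why a challenge on such an amount points at the merchant or issuer not applying the exemption rather than at the rule itself.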
[+] 988747|4 years ago|reply
Before 3DS I had my credit card details memorized, so I could shop online conveniently. Now I have to keep my phone around and type in SMS passwords everywhere.

[+] mattmanser|4 years ago|reply
In the UK they introduced it ages ago, and have now changed it so it remembers your IP and browser, so it never, ever asks for the pin now.

Kinda defies the point, and makes it very easy to forget the code as I put it in like once a year.

But there is less friction, you click buy, it redirects somewhere else (fairly slowly, perhaps by design), then done.

[+] estaseuropano|4 years ago|reply
For me it opens the bank app which shows amount, seller, subject line and asks me to confirm with PIN or fingerprint, taking all of 2 seconds. No more entering bank card numbers. Not sure what bank you are using, but this seems like bad implementation, not bad idea.

[+] robert_foss|4 years ago|reply
Switch to a more modern bank. I've got both a crappy German one and a good one. The difference in friction is big.

[+] Jolter|4 years ago|reply
Does your bank not have a phone app? Consider switching to one that has.

[+] vineyardmike|4 years ago|reply
Very interesting to hear about the impact of this regulation on industries many here work in, but I have many questions that weren't answered…

What is PSD2?

What is 3DS?

Why do these exist and what did they solve?

Edit: Thanks for the responses everyone!

[+] globile|4 years ago|reply
We developed an internal 3DS attempt strategy to try to remedy this [0], but it is not ideal.

Basically, try 3DS (with no authentication), then try regular charge (NON 3DS), then if all else fails try a full 3DS charge. You'd be surprised by the disparity, especially internationally, and we do recoup some charges at the expense of triggering some unintended blockage.

When asking our provider (Stripe in our case) about the best strategy for this, it always comes down to, "Let SCA (Strong Customer Auth) rules and logic handle everything", but this simply doesn't work well.

I really wish the likes of Adyen, Stripe, etc...would help out with better decline ratio strategies.

I think we are all plagued by "do_not_honor" and "transaction_not_allowed" codes that do little to move us in any direction...

[0] https://medium.com/@globile/using-stripe-to-sell-internation...

EDIT: Fixed the order of actions...

[+] unilynx|4 years ago|reply
How many of these 3DS failures switch to an alternative payment method?

A drop in EU e-commerce sales between 20% and 50% would be big news we wouldn't have missed, so where are these sales going? Or are these transactions still a tiny bit of the overall e-commerce value? If users opt for a cheaper (and not easily clawed back) payment method because they can't complete the 3DS challenge, the merchants may still win.

[+] ballenf|4 years ago|reply
Kind of a side point, but I think it could be argued that some transaction friction is a good thing at a societal level. (So long as the friction is agnostic to demographic or income level.)

My spending, consumption and general wasteful consumerism is healthier when I don't have Amazon Prime. I'm more thoughtful about what I need and will batch up purchases, often removing a portion of the cart.

[+] thegeomaster|4 years ago|reply
>Users may also choose to abandon a transaction simply because there are additional steps to complete, giving them more time to contemplate their purchase.

Good. Means you've manipulated people into spending their money very intensely if they will abandon the transaction once the first rational thought comes in. I would personally add a third factor for good measure.

[+] ojagodzinski|4 years ago|reply
In Poland we have something called "Blik" (https://en.wikipedia.org/wiki/Blik), a state-of-the-art internet payment system: https://blik.com/en Sadly it has to be supported by the bank (to be specific, their mobile app), so it is not usable by all EU customers. But since it is also operated by banks (they share the cost of IT infrastructure), the commission is much lower than Visa/MasterCard and it is a million times easier to use.

In 2020 Blik had 7 million users and processed 424 million transactions. In 2019, the number of Blik transactions exceeded the number of transactions made on the Polish Internet with payment cards.

In PSD2/3DS world paying with card is real pain in the ass, only advantage is transaction insurance and chargeback.

[+] isbvhodnvemrwvn|4 years ago|reply
It's probably worth noting that online transactions with payment cards were never the dominant form of payment; many people preferred to send a bank transfer directly (with a delay until the next payment session) or use a number of services which work as middlemen to settle these transactions instantly.

Card payments are often seen as the least secure way of paying for stuff, but they are mildly more convenient than sending a bank transfer.

[+] kjagiello|4 years ago|reply
Sweden has adopted something similar, Swish[1]. Co-owned by banks and so far without any fees for private entities. The adoption rate has been really incredible. Already 75% of the population has signed up for it and, in 2020, made over 600 million transactions.
[+] Merem|4 years ago|reply
Don't have a mobile phone, so I guess I would count towards those numbers. A shop branch I used to buy at had 3-D Secure for years but, after asking nicely, they disabled that authentication for me. However, ever since they merged with the main website earlier this year, it's no longer possible. So theoretically, it would be impossible for me to buy anything anymore...if not for the fact that they now allow you to buy "points" via PayPal with which you can then buy products in the shop. It's more complicated, takes longer and has other disadvantages (such as not buying the products directly) but for now, it works. Other websites which don't have such a workaround will simply end up with an "abandonment".

[+] WheelsAtLarge|4 years ago|reply
There's always going to be a decline in sales when new friction is added to a process. But, as people get used to the process those sales come back. The idea that nothing can change because it will hurt sales is short sighted. It leads to a stagnated system where competition will beat you out of existence.

PSD2 is a process that's system wide and needed so if things need to change this is the best way to do it where everyone takes the hit together as a way to move forward.

[+] rokkk|4 years ago|reply
So, some clarifications...

This is not my article, I just found it when searching for any data on the subject. I'm aware of the article author's bias on the subject.

We run a B2B SaaS and 20% is the drop we've seen (compared to monthly numbers of the last 5 years). This still needs to be analyzed better, but it's taking time due to our messy system of multiple carts using different payment service providers.

Personally, as an EU citizen, I'm very much in favor of these changes. I think the UX will become even more of a differentiator for banks and related products, which is great. Banks FINALLY being forced to open APIs is also great for the fintech industry, so I'm not bitter at all. Just curious to see what other SaaS businesses have seen in their Euro traffic.

[+] RicoElectrico|4 years ago|reply
Meanwhile in Poland I use BLIK [1]. Simple and reasonably secure, the downside being no chargeback facility.

The bonus is that Przelewy24 is often presented as a payment option in global shops like Steam or AliExpress, so I can use it there as well.

[1] https://blik.com/en

[+] kristofferR|4 years ago|reply
I'm really glad my bank got FaceID 3DS right as PSD2 was introduced; it's really quite painless to do the 2FA (just tap the notification, look at your phone and put it back).

Previously you had to use an ancient SMS based SIM app on your phone or use a dongle to authenticate, took over a minute usually.

A way for retailers to "bypass" 3DS is to use Klarna or similar (free in-app invoice that needs to be paid within 14 days). Even though it's usually quite simple to use my debit card, it's still more of a hassle than paying whenever I want within 14 days, so that's what I choose when I'm in a hurry.

[+] willeh|4 years ago|reply
Purely anecdotal but I have never had any problems with increased authentication for purchases. It feels safe to digitally sign every single purchase I make and with a good UX on the store front it can be a great experience.