Simplifying PSD2 with our Authentication Engine

Reduce regulatory complexity and optimize for authorization success.

This article was updated in May 2020

There’s a lot to cover when it comes to regulatory changes. In our previous PSD2 articles, we explored the essentials of this European regulation, key changes that may impact your business, and how our 3D Secure 2 solution helps with strong customer authentication (SCA).

This time we’re focusing on how our new Authentication Engine feature helps you reduce regulatory complexity and optimizes for authorization success.

With an increasing number of parties (national regulators, banks, schemes, 3D Secure providers) interpreting and implementing PSD2 in different ways, it can all get complicated.

For example, some EU countries have decide on different timelines to start monitoring PSD2 compliance.

These complexities and the ever-changing payments landscape directly impact your business growth. More than anything else in the payment space it affects your authorization rates due to a wide variety of required checks across sets of compliance, transactional, risk, and issuer data.

Data illustration of person and authentication

Connecting data to give shoppers the best experience

And there’s no 'one size fits all' approach. The profile of each transaction needs to be considered based on its amount, if it’s recurring, local regulations, issuers' authentication preferences, your relationship to your shopper, and more.

So how do you stay compliant, trigger the right checks, optimize for certain behaviors, and ultimately get your payments authorized? It’s simple, you employ smart technology and proven expertise to guide you through it.

Data-driven optimization for PSD2

With PSD2’s regulatory requirements taking effect in most EU countries from 31 December 2020, you’ll already have questions about your payment processing setup. Your payment authorization rates could be in the hands of a preference of one PSD2 SCA exemption over another. Or it might depend on how strictly a bank is enforcing or monitoring authentication. Or maybe it depends on which 3DS2 version you're on. And what happens if one of these settings change? Which they do, often at the last minute.

Our single payments platform has a much higher threshold of data points (100+) to analyze. This improves the logic we can apply to PSD2 SCA regulation and to optimize for authorization.

To tackle this uncertainty, we've enriched our optimization toolkit RevenueAccelerate, by using our machine learning intelligence to assess every transaction, beyond just exemptions. By analyzing our platform-wide data, the Authentication Engine can identify insights as the PSD2 landscape matures. Plus, at a bank level, the Authentication Engine monitors, identifies patterns and behaviors, and acts on them in real-time.

For example, if regulation allows, we can skip an authentication process so shoppers aren’t interrupted at your checkout because we can see that a bank authorizes a transaction with our 3D Secure product. Or, if a bank changes its exemptions preferences we can see almost instantly what works from actual transactions we’re optimizing across our merchant network.

This means less friction when the shopper is checking out, and transactions are geared towards the best chance of authorization, no matter what angle PSD2 comes from.

Making the most of the authentication journey

To give you context on the complexity of the authentication process around PSD2, as well as show you how with Adyen, you have all your bases covered, we have outlined a range of parties that have different responsibilities surrounding this regulation. These either dictate the way a transaction is treated, or directly impacts its authorization success.

Further down, we also outline example flows of this authentication decisioning, so you can see it put to practice and the benefits specific to your business.

National Regulators of EEA countries

Illustration of people
Layer of complexity Adyen Authentication Engine
Have autonomy to interpret and enforce PSD2 in different ways. Some may be stricter than others making the application of this regulation different country by country. Completes 3D Secure only if mandated at that point in time, otherwise skips.

European Banks

Illustration of a bank
Layer of complexity Adyen Authentication Engine
Will implement PSD2 based on their national regulators stance. Each bank may have a slightly different exemption appetite (ie. prefer one type over another) or level of 3D Secure readiness and interpretation of scheme rules compared to other banks within that country. Triggers frictionless checkout with liability shift.

Optimizes across 3D Secure 2.2, 2.1, 2.2, 1.0 or none.

Picks the ideal exemption path to achieve authorization while minimizing checkout friction.

Card Schemes

Illustration of cards
Layer of complexity Adyen Authentication Engine
Have certain PSD2 rules and regulations that differ from other schemes. Provide national banks with guidance and technical solutions. Finds the best path to reach the issuer in the most seamless way.

Non European National Banks (Out of PSD2 scope)

Illustration of buildings
Layer of complexity Adyen Authentication Engine
Not mandated by PSD2 but may require 3D Secure authentication based on the type of card (ie. Brazilian debit cards) or for transactions undertaken in specific countries with a higher risk settings. Optimizes for global authentication requirements.

You can also configure certain authentication rules specific to your business needs.

Optimized Authentication Engine flows

Skip authentication

Business benefits: Reduction in costs, less checkout friction, and faster authorization.

Skip authentication psd2 authentication flow

The bank is not yet enforcing PSD2 SCA. Even if you send supporting data that meets 3D Secure standards to us, we would skip this authentication step and route the transaction through a 'No 3D Secure flow'. Your shopper will not experience an unnecessary challenge and the speed of checkout is increased. You'll always have control, as you can set rules tailored to your business needs. And, where regulation mandates, we will always meet 3D Secure standards and route accordingly.

Liability shift

Business benefits: Reduction in checkout friction, increased authorizations, and optimized chargeback liability.

Liability shift psd2 authentication flow

The bank does not yet have 3D Secure 2 but you are 3DS2 ready. To avoid any chance of an unnecessary challenge for your shopper, we would send 3D Secure 2 supporting data to the bank to prove your readiness. This shifts chargeback liability to the bank and helps to reduce the impact of a chargeback for you.

However, some banks may behave differently and choose not to authorize in this situation. We will always route your transaction across the route that has the best chance of authorization, meets bank's preferences, and is friction-free for shoppers.

Optimize for exemptions

Business benefits: Reduction in checkout friction, increased authorizations, less costs, and faster authorizations.

Optimize for exemptions psd2 authentication flow

The bank grants exemptions at the point of authorization rather than at the point of authentication. Depending on a banks preference for certain exemptions, we would pick the best route.

For example, a bank may prefer full 3D Secure authentication even if the transaction fits an exemption (say for a low value exemption (<€30) )if presented in this way, you may experience faster authorization.

Next steps for authentication

Over time we’ll see more changes as PSD2 authentication needs mature. Outside Europe, in Australia for example, industry parties are in consultation phases for SCA frameworks, suggesting that other countries will soon follow with more authentication rules.

If you’re using the Adyen platform, our 3D Secure product, Acquiring, and Authentication Engine have you covered for today, tomorrow, and whatever comes up in the future. We’re always here to help too, so if you have any questions around these regulations and our products, do get in touch.

Explore further

PSD2 SCA compliance and implementation guide

The European regulation mandating strong customer authentication will come into effect starting September 14, 2019. Read our PSD2 guide to learn more.

PSD2 Guide

Sign up for the newsletter

By submitting this form, you acknowledge that you have reviewed the terms of our Privacy Statement and consent to the use of data in accordance therewith.

Are you looking for test card numbers?

Would you like to contact support?