Guides and reports

Simplifying PSD2 with our Authentication Engine

Reduce regulatory complexity and optimize for authorization success with our Authentication Engine.

Ruben Woelders, Product Manager  ·  Product Manager, Adyen
August 9, 2019
 ·  5 minutes
Illustration of person

This article was updated in September 2021

There’s a lot to cover when it comes to payments regulations. In our previous articles we explored the essentials of this PSD2 regulation, key changes that may impact your business, and how our3D Secure 2solution helps withstrong customer authentication (SCA).This time we’re focusing on how our new Authentication Engine feature can help you reduce regulatory complexity and optimize for authorization success.

The starting point of a complicated journey

With an increasing number of parties (national regulators, banks, schemes, 3D Secure providers) interpreting and implementing PSD2 in different ways, we know it can get complicated.

For example, some EU countries have decided on different timelines to start monitoring PSD2 compliance.

These complexities and the ever-changing payments landscape can impact your business growth. More than anything else in the payment space it affects your authorization rates due to a wide variety of required checks across sets of compliance, transactional, risk, and issuer data.

Data illustration of person and authentication

Connecting data to give shoppers the best experience

There’s no 'one size fits all' approach. The profile of each transaction needs to be considered based on its amount, whether they're recurring payments, local regulations, issuers' authentication preferences, and your relationship to the shopper.

So how do you stay compliant, trigger the right checks, optimize for certain behaviors, and ultimately get your payments authorized? It’s simple, you employ smart technology and proven expertise to guide you.

Data-driven optimization for PSD2

With PSD2’s regulatory requirements taking effect in most EU countries from 31 December 2020, you’ll already have questions about your payment processing setup. Your payment authorization rates could be in the hands of a preference of one PSD2 SCA exemption over another. Or it might depend on how strictly a bank is enforcing or monitoring authentication. Or maybe it depends on which 3DS2 version you're on. And what happens if one of these settings change? Which they do, often at the last minute.

Our single platform has a higher threshold of data points (100+) to analyze. This improves the logic we can apply to PSD2 SCA regulation and to optimize for authorization.

To tackle this uncertainty, we've enriched our optimization toolkitRevenueAccelerate. It uses our machine learning intelligence to assess every transaction, beyond just exemptions. By analyzing our platform-wide data, the Authentication Engine identifies insights as the PSD2 landscape matures. At the bank level, the Authentication Engine monitors, identifies patterns and behaviors, and acts on them in real-time.

If regulation allows, we can skip an authentication process so shoppers aren’t interrupted at your checkout because we can see that a bank authorizes a transaction with our3D Secure product. Or, if a bank changes its exemptions preferences we can see almost instantly what works from actual transactions we’re optimizing across our merchant network.

This means less friction when the shopper is checking out, and transactions are geared towards the best chance of authorization, no matter what angle PSD2 comes from.

Optimizing the authentication journey

Below we'll demonstrate the complexity of the authentication process around PSD2, while showing you how Adyen can help. We've outlined a range of parties that have different responsibilities surrounding this regulation too. These either dictate the way a transaction is treated, or directly impacts its authorization success.

We'll also highlight examples of authentication decisioning, so you can see it put into practice and the benefits specific to your business.

National Regulators of EEA countries

Illustration of people
Layer of complexityAdyen Authentication Engine
Have the autonomy to interpret and enforce PSD2 in different ways. Some regulators are stricter than others, so the application of this regulation can vary by country.Completes 3D Secure only if mandated at that point in time.

European Banks

Illustration of a bank
Layer of complexityAdyen Authentication Engine
Will implement PSD2 based on their national regulators stance. Each bank may have a slightly different exemption appetite or level of 3D Secure readiness and interpretation of scheme rules compared to other banks within that country.Triggers frictionless checkout with liability shift.

Optimizes across 3D Secure 2.2, 2.1, 2.2, 1.0 or none.

Picks the ideal exemption path to achieve authorization while minimizing checkout friction.

Card Schemes

Illustration of cards
Layer of complexityAdyen Authentication Engine
Have certain PSD2 rules and regulations that differ from other schemes. They provide national banks with guidance and technical solutions.Finds the best path to reach the issuer in the most seamless way.

Non European National Banks (Out of PSD2 scope)

Illustration of buildings
Layer of complexityAdyen Authentication Engine
Not mandated by PSD2 but may require 3D Secure authentication based on the type of card (i.e. Brazilian debit cards) or for transactions undertaken in specific countries with a higher risk settings.Optimizes for global authentication requirements.

You can also configure certain authentication rules specific to your business needs.

Optimized Authentication Engine flows

Skip authentication

Business benefits:Reduction in costs, less checkout friction, and faster authorization.

Skip authentication psd2 authentication flow

The bank is not yet enforcing PSD2 SCA. Even if you send supporting data that meets 3D Secure standards to us, we would skip this authentication step and route the transaction through a 'No 3D Secure flow'. Your shopper will not experience an unnecessary challenge and the speed of checkout is increased. You'll always have control, as you can set rules tailored to your business needs. And, where regulation mandates, we will always meet 3D Secure standards and route accordingly.

Liability shift

Business benefits:Reduction in checkout friction, increased authorizations, and optimized chargeback liability.

Liability shift psd2 authentication flow

The bank does not yet have 3D Secure 2 but you are 3DS2 ready. To avoid any chance of an unnecessary challenge for your shopper, we would send 3D Secure 2 supporting data to the bank to prove your readiness. This shifts chargeback liability to the bank and helps to reduce the impact of a chargeback for you.

However, some banks may behave differently and choose not to authorize in this situation. We will always route your transaction across the route that has the best chance of authorization, meets bank's preferences, and is friction-free for shoppers.

Optimize for exemptions

Business benefits:Reduction in checkout friction, increased authorizations, less costs, and faster authorizations.

Optimize for exemptions psd2 authentication flow

The bank grants exemptions at the point of authorization rather than at the point of authentication. Depending on a banks preference for certain exemptions, we would pick the best route.

For example, a bank may prefer full 3D Secure authentication even if the transaction fits an exemption (say for a low value exemption (<€30) )if presented in this way, you may experience faster authorization.

Next steps for authentication

Over time we’ll see more changes as PSD2 authentication needs mature. Outside Europe, in Australia for example, industry parties are in consultation phases for SCA frameworks, suggesting that other countries will soon follow with more authentication rules.

If you’re using the Adyen platform, our 3D Secure product,Acquiring, and Authentication Engine have you covered for today, tomorrow, and whatever comes up in the future. We’re always here to help too, so if you have any questions around these regulations and our products, doget in touch.

Explore further

PSD2 SCA compliance and implementation guide

The European regulation mandating strong customer authentication will come into effect starting September 14, 2019. Read our PSD2 guide to learn more.

PSD2 Guide

Fresh insights, straight to your inbox

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.