What you need to know about PSD2 one leg transactions

Non-EEA companies are still being caught out by PSD2 requirements - particularly when it comes to one leg transactions. Learn how to deal with the rules.

Neil Smith

HDX Global CEO representing Nethone as VP of Payments Strategy & Financial Services

28 February 2023


6 min read

In the world of European eCommerce, discussions about PSD2 inevitably come up - this can mean anything from talk of best practices to solutions to avoid the biggest problem - checkout friction. There are many challenges experienced by businesses within the European Economic Area (EEA), but what about those outside of it? For non-EEA companies, there are other, less obvious problems still being encountered. We have spoken with many non-EEA merchants that are aware of PSD2, but do not know about all the measures that may apply to them. One surprising stumbling point has been one leg transactions. This is crucial knowledge for any company seeking to do business in Europe. Let’s get our heads around some of the key concepts.

What are one leg transactions?

In their most basic form, one leg transactions (also referred to as one leg out) refer to payments and transactions where the payer or recipient’s Payment Service Provider (PSP) is located outside the EEA, but a customer's account is held within the EEA. On the other hand, two leg transactions refer to payments when both the payer and the recipient are located in the EEA. Despite their differences, PSD2 regulations apply to both.

To understand one leg transactions, it is important to know why they apply to certain payments. It all comes down to PSD2, introduced by the European Union (EU) to regulate electronic payment services within the EEA, and most importantly, to reduce the risk of fraud by enforcing Strong Customer Authentication (SCA) measures for every payment - well, almost every transaction (more on that later). One leg transactions did not fall within the regulatory scope of PSD1, but PSD2 changed all that.

How do one leg transactions affect companies doing business in the EEA?

The short answer: immensely. Every non-EEA company dealing with payments within the EEA must adhere to PSD2 regulations, which also include the requirements for secure communication between payment service providers. International companies need to ensure that they have the necessary infrastructure and technology in place to support PSD2-compliant payments. This may involve partnering with payment service providers that are authorized and regulated under PSD2, or investing in their own payment infrastructure to ensure compliance.

Overall, PSD2 one leg out transactions may increase the complexity and cost of providing payment services to customers within the EEA for international companies. However, complying with these regulations can also help to improve the security and transparency of payment transactions, which can ultimately benefit both businesses and consumers.

What we have been surprised to learn through experiences and discussions at events with potential customers and those involved with eCommerce is that some merchants have reached contract negotiations with EEA entities only to be surprised to learn that they must meet PSD2 requirements for processing payments. They believed that being located half a world away from the EU meant they did not have to comply with PSD2 SCA principles.

More considerations for non-EEA entities

PSD2 requirements are not the only thing that can appear difficult to adhere to, however; there are a few other things that need to be considered.

Liabilities: all companies are liable for any fraudulent transactions that occur as a result of non-compliance with PSD2 regulations. Therefore, it is crucial for them to understand the requirements and ensure compliance to avoid financial penalties and reputational damage.

Third-party providers: companies that use third-party providers to process payments must ensure that those providers also comply with PSD2 regulations and SCA requirements. Overall, any entity wishing to do business in the EEA that includes online payments must fully understand and comply with PSD2 regulations for one leg out transactions.

The benefits for companies efficiently processing one leg transactions

There certainly are benefits! In a time when reputations can be made or broken in an instant through positive and negative online reviews, it is always in the best interest of companies to adhere to the latest rules and regulations. Of course, to be on the wrong side of the rules is one thing, but to be seen by customers to be inefficient in any aspect of cybersecurity, fraud and payment processes and rules can have a huge negative impact on a company.

Non-compliance is not an option for companies that are seeking to grow their businesses and increase revenue, as failure to meet the standards expected simply results in payments that cannot be processed. Not only does compliance allow you to do business within the EEA, leading to an increase in potential revenue flows, but it can also lead to a more secure environment for both businesses and consumers.

And with a more secure online payment experience, certain SCA exemptions can be allowed for non-EEA entities. Exemptions are limited (such as low-risk transactions and payments below €30 avoiding SCA), but they can be effective in keeping processing costs down. Crucially, there are strict conditions that need to be met to qualify - all of which revolve around remaining well below accepted fraud thresholds.

What’s the solution to effective compliance?

It may all seem very complex for non-EEA companies to process EEA payments; however, it can be wonderfully simple. Understanding is the key, as is having the right solutions in place for reducing fraud. If you think you’re saving time and money by relying on ineffective legacy anti-fraud systems, think again.

The best approach is therefore to stay ahead of the regulations with advanced solutions that are already available today. Why wait until the last minute to meet a regulatory implementation deadline when you can already begin the process now? Doing so now can smooth payments and transaction flows long before regulators enforce financial penalties for non-compliance.

The most effective means to stay way ahead of existing requirements and any potential future legislation is to find a fraud solution that is powered by machine learning models and is able to continuously authenticate every single user in real-time. Humans can be distinguished from bots, and good actors can be distinguished from bad ones, all while automatically analysing digital fingerprints (device and network setups), coupled with behavioral biometrics to understand the true intentions of every user behind the scenes. All this while cutting back on manual processes and unnecessary financial penalties.


___


If you liked this post about PSD2 one leg transactions and wish to learn more about how Nethone’s fraud solution can help you, arrange a call with us by clicking on the ‘book a call’ button at the top of this page. Alternatively, you can contact Neil directly at neil.smith@nethone.com or via LinkedIn.
