PSD2 Transaction Monitoring
Fraud is a threat always lurking in the shadows. The payment market therefore offers various fraud monitoring tools to combat ever-evolving fraud possibilities. However, to combat money-thirsty schemes, the right fraud solution must be in place. PSD2 transaction monitoring is one of them, and regulatory compliance will always remain a key player in developing any fraud monitoring tool.
PSD2 transaction monitoring is mandatory, and all payment providers must abide by it. The Regulatory Technical Standards (RTS) anticipate circumstances where transactions may be exempt from Strong Customer Authentication (SCA). To gain the exemption, acceptable transaction monitoring must be in place and all the requirements must be met.
What is a fraud monitoring tool?
A fraud monitoring tool is a scheme intended to identify and counter fraud. It is mainly managed by fraud analysts. Previously these schemes were simple to control and had fewer functions that required manual labour. However, these days fraud analysis is complex, yet agile and user-friendly. Automated processes make fraud analysis more dynamic and can combine multiple tools simultaneously, integrating multiple technological solutions into extensive fraud monitoring tools.
Fraud monitoring tools are a part of the Regulatory Technical Standards and SCA. As stated by Article 2 of the RTS, the term transaction monitoring refers to “mandatory mechanisms that enable Payment Service Providers (PSPs) to detect and prevent unauthorized or fraudulent payment transactions.” This happens together with the application of SCA.
The PSD2 transaction monitoring mechanisms
PSD2 transaction monitoring mechanisms are a part of the payment transaction analysis process. The analysis itself is regulated, and its requirements must be met to successfully implement the authentication process. The minimum specifications that must be performed include, but are not limited to, these five:
- Investigation to determine whether there are any compromised or hijacked authentication components.
- Application and examination of established fraud scenarios.
- Screening process against malware in the device used for authentication.
- Divergences in the payment amount.
- Analysis of the device or software, if a Payment Service Provider (PSP) provides a device or software for authentication.
For the majority of legacy banks in Europe, the transaction monitoring process is a well-known mechanism, yet when PSD2 appeared with new regulations and mandatory standards to follow, many banks were in doubt. It was thought that the transaction monitoring banks already employed might not be sufficient and would therefore cause implementation problems and require additional investments. In reality, compliance with PSD2 brings more benefits to both users and the PSP, as it creates security and reliability.
Transaction monitoring or transaction risk analysis?
Transaction monitoring is often confused with transaction risk analysis. In the setting of PSD2, transaction monitoring embraces the aforementioned analysis and is a legally mandatory process to maintain SCA.
On the other hand, transaction risk analysis entails comprehensive risk evaluation in real time. It has a broader scope than transaction monitoring and analyses more risk aspects. For instance, risk analysis would look at the location of both parties, the PSP and the consumer, and in case of low fraud risk, a bank might take advantage of possible exemptions.