PSD2 Trusted Beneficiary
PSD2 trusted beneficiary exemption is a part of the Strong Customer Authentication (SCA) requirement that was defined by the Regulatory Technical Specifications (RTS). Since PSD2 governors didn’t produce a regulated way to implement exemptions, the decision of whether to accept exemption requests or still demand SCA was left to issuing banks.
In this situation, the judgment could depend on various speculations, such as technical capabilities or internal risk analysis for transactions. However, it is expected that over the years some consensus will emerge.
The purpose of PSD2 trusted beneficiary exemption
The PSD2 trusted beneficiary exemption permits cardholders to create a list of trusted beneficiaries which is held by the issuing bank. Beneficiaries indicate merchants, who are the ones that receive a transaction placed by the cardholder. This process is known as Merchant White Listing (MWL) and after performing it a cardholder can complete further electronic payment transactions without the need of SCA.
MWL facilitates frictionless user experience which in turn acts as a way of reducing the number of abandoned shopping carts.
PSD2 trusted beneficiary exemption guidelines
To successfully use MWL concerned parties must follow guidelines defined by the PSD2 regulations:
- To enable whitelisting a merchant a cardholder must perform SCA.
- Ensure that a merchant cannot enable MFL themselves.
- Issuers must follow GDPR, therefore, changes to their terms and conditions should be adjusted respectively. The privacy notice should familiarise cardholders with the erudition on the MFL usage and storage.
- The issuer must ensure that a cardholder has the possibility to exclude merchants from their MFL whenever they demand it.
These are fundamental guidelines to ensure stable performance while using PSD2 trusted beneficiary exemption. However, there are other initiatives on the way that should help implement PSD2 and SCA. For instance, Visa is expected to launch feasibility for a cardholder to add merchants to their MFL after using SCA for the first time during the checkout process. This program goes under the name of Visa Trusted Listing and anyone who participates will be given a unique 8 digit number - Visa Merchant Identifier (VMID).
Potential risks of using PSD2 trusted beneficiary exemptions
PSD2 trusted beneficiary exemption permits cardholders to perform a transaction without needing to use Two Factor Authentication (2FA) under the SCA requirements. While for a consumer this is an excellent occasion to decrease the purchasing process, for other involved parties it can bring pitfalls that might affect the revenue. If a merchant obtains this exemption then they will be responsible for any fraud-related chargebacks. Even more, a merchant abandons their ability to transfer liability to the issuer on exempt transactions.
Furthermore, a merchant might face an inability to avoid chargebacks that had no hint of fraud relation. The European Payment Council states that if there was no SCA used on a cardholder's transactions, then the payer can demand full compensation. This is only in cases where the cardholder showed no fraudulent activity when performing the transaction.
In the end, PSD2 trusted beneficiary exemption is a great way to enhance customer satisfaction and user experience, nevertheless, merchants should consider the implied risks before moving forward with putting them into practice.