Companies are largely unprepared for the E.U.’s revised Payment Services Directive (PSD2), scheduled to go into effect in September 2019, with concerns mounting that the stricter requirements will drive fraud from Europe to other regions, according to a new report from Aite Group.
The report, PSD2: Advent of the New Payments Market in Europe, commissioned by iovation, found that the U.S. and other regions will likely see an increase in online payment fraud because the strong customer authentication (SCA) requiring that PSPs apply multi-factor authentication for all electronic transactions legally only applies to European Economic Area (EEA).
“Regardless of PSD2 regulations, every financial organization around the globe should be reassessing their processes and security layers as fraud becomes more sophisticated and more successful,” said Ryan Wilk, vice president of Customer Success for Mastercard’s NuData Security.
Yet the report concluded that most companies are unprepared for the new regulations. According to a recent Mastercard study, only 25 percent of European online merchants know about the SCA requirements under PSD2, but the regulations, much like the General Data Protection Regulation (GDPR) will also impact businesses outside of the E.U. if the company provides payment services in the EEA.
“PSD2 changes the rules of the game for the global payments industry and is based on some of the same principles that constituted GDPR, enforcing consumer protection and security requirements on companies operating in the E.U.,” said Aite Group Senior Analyst, Ron van Wezel in a press release.