PSD2, the final stretch: good practices to know

Cyril Blondel
Updated on 23 April 2024 by Cyril Blondel
Reading Time: 3 minutes

The migration is coming to an end

Within the framework of the PSD2 (Payment Services Directive 2) migration announced by the Banque de France, there has been a gradual ramp-up since 1 October 2020. Soft decline (refusal by the buyer's bank to authorise a transaction without strong authentication) has already been active since this date for all transactions greater than or equal to €2,000. This threshold, which was lowered to €1,000 on 5 January, will go down to €500 on 15 February, and will disappear on 31 March 2021 in favour of strong authentication for all transactions.1

With soft decline, transactions without 3D Secure are therefore systematically rejected with a specific execution code ([4020] Strong customer authentication required by issuer), indicating that the merchant can attempt the authorisation again by applying strong authentication.

The new role of e-merchants: requesting exemptions

In order to continue offering customers a frictionless path, the RTS (Regulatory Technical Standards) of the PSD2 give e-merchants the option of requesting exemptions from strong authentication under certain conditions:

  • Justifying each request for exemption with a Transaction Risk Analysis (TRA)
  • Sharing useful data with the issuer to make decisions, using the new 3DS v2 protocol.

Here is the new path to benefit from "frictionless"2:

Here is the new path to benefit from frictionless

Best practices to keep customer paths fluid

To reconcile an effective fight against fraud with high acceptance rates, merchants have every interest in implementing certain good practices that will ultimately form a virtuous circle.

To be able to request an exemption and for it to be accepted by the issuers (cardholder’s banks), it is first and foremost necessary to comply with fraud rate thresholds, which are set per transaction amount.

Fraud rate thresholds imposed by the RTS

The more the requests for exemption are justified by a risk analysis, the more the merchant will be able to lower its fraud rate. Indeed, with TRA (Transaction Risk Analysis) the merchant sends a positive signal to issuers by showing that it is proactive in the fight against fraud. As a result, issuers will be more inclined to grant frictionless** and the merchant will mechanically increase its acceptance rate.

A virtuous circle

It is therefore essential for e-merchants to be aware of the exemptions applicable to their activity and to integrate this new risk logic into their anti-fraud strategy in order to take full advantage of the PSD2.

To find out more about good practices, check out the article by Sasha Pons, Chief Product Officer of Dalenys in E-commerce Mag (in French):

Also take a look at the automatic retry mechanism designed by Dalenys, which allows a transaction that was rejected in soft decline to be resubmitted with strong authentication:

Finally, to find out more about the PSD2, its challenges and our recommendations for merchants, download the white paper: PSD2: Reconciling compliance and a smooth customer experience

1 For details of migration plans by country, please visit our website:
2 frictionless, qualifies customer paths without strong authentication

Share this article
TwitterFacebookLinkedInCopy Link

Other posts that might
interest you