Riskified (credit image/Pixabay/JoshuaWoroniecki)A new study has revealed that nearly half of European and UK-based eCommerce merchants are still struggling to comply with the Second Payment Services Directive (PSD2). This is despite the regulation coming into full enforcement, following the extended deadline.

The study was based on a survey of 207 decision-makers at organisations across Europe and the UK. It was commissioned by Riskified, a fraud management platform enabling frictionless eCommerce and conducted by Forrester Consulting. The research found that 45% of respondents are either following the minimum requirements of the regulation. Some are still resolving the issues related to PSD2 rollout.

It was planned that PSD2 would reduce fraud and make payments safer. However, 39% of merchants admitted that fraudulent chargebacks had increased on 3DS-authenticated transactions, negatively affecting their overall fraud rates.

Long way to optimisation

The PSD2 regulation was published in 2015, aiming to make Europe’s payment ecosystem safe, integrated, open and convenient. The regulation also introduced Strong Customer Authentication (SCA), requiring multi-factor verification for online transactions where a card is not present.

The study reveals that nearly half of organisations are complying with baseline PSD2 requirements or are still in troubleshooting mode. Trying to resolve technical or integration issues, on their way to optimised payment strategies.

(credit image/Roman Korobkov)
Roman Korobkov, PSD2 Domain Expert at Riskified.

The majority of survey respondents moved towards optimising their payment flows,” says Roman Korobkov, PSD2 Domain Expert at Riskified. “But those who are not ready yet are at a turning point in how to transform their payment strategy. These eCommerce merchants are attempting to work within these new guidelines. While trying to establish equilibrium between user experience, security and compliance. But they are looking for some more transparency across the ecosystem to make things work.

Fraud continues to proliferate

A large proportion of those surveyed revealed an increase in costs related to fraud prevention after PSD2 came into force. In fact, 43% said costs had increased, 3DS costs excluded, and of these, 57% said their spending increased by 25% or more compared to pre-PSD2 spending.

But while costs have gone up, merchants are still seeing an increase in fraudulent chargebacks on authenticated orders. This negatively affects their overall fraud rates. “While for many merchants 3DS, being an industry standard for Strong Customer Authentication, has proven to be efficient. It’s not a one-size-fits-all solution, and overreliance on it can be misleading. The technology is evolving, but so are the fraudsters, coming up with multiple ways of bypassing the security protocol. Now it’s all about building the right strategy tailored to the needs of business using the right data. As well as solutions and technology available in the market.”

Lock-ins and limitations

80% of the merchants surveyed believe that exemptions offered by a fraud prevention partner or by a payment service provider are proving their effectiveness. With exemptions, 60% of merchants report they can prevent over half of their orders from having to undergo SCA.

Having said that, some eCommerce decision-makers also shared they are facing exemption-related limitations. While technically eligible for higher exemptions thresholds, they are not able to exempt more due to overall limits established by their payment service providers.

Decision-makers surveyed also opened up about finding it difficult to leverage solutions available in the market due to being limited by the payments ecosystems of their PSPs. 31% said they were locked into specific tools offered by payment partners.

״PSPs are the ones offering 3Ds solution and exemption engines. They should be ready to open up their ecosystem and collaborate with solution providers to optimise payment processes,” says Korobkov. “Together with gaining more flexibility, optimising costs, improving authorisation rates, and getting more orders exempted from SCA. Ecommerce merchants can have access to more data and independently choose partners and solutions tailored to their specific needs.

What’s missing from PSD2?

Despite the concerns raised by in survey, it also identified some potential solutions to help merchants comply with the regulation. At the same time decreasing fraud rates and increasing revenues.

Respondents revealed that more data and transparency would help organisations advance their PSD2 strategies. Nearly two-thirds (65%) asked for greater transparency in payment processing fees. 61% want regular updates on market performance. 59% requested reviews of solutions available on the market to help optimise compliance with PSD2.

These findings highlight the need for better communication and transparency within the fraud and payments ecosystem. This will help merchants evolve their strategies and move from troubleshooting to optimisation.

The respondents surveyed stated that gaining a competitive advantage by optimising their payment flows under PSD2 is crucial for their future strategy, alongside improved customer experience, higher conversion rates, and increased customer retention.


The study was commissioned by Riskified and conducted by Forrester Consulting. 207 payments decision-makers across France, Germany, Italy and the UK at organisations with revenue of at least €75m/£62m were surveyed for this study. The survey was conducted in May 2022.

Enterprise Times: What this means for business.

It has been more than a year after the first anniversary of the enforcement deadline across the European Economic Area. This interesting Riskified study suggests nearly half of organisations are meeting with baseline PSD2 requirements. Some are still troubleshooting, trying to resolve technical or integration issues, on their way to optimised payment strategies.

It’s also worth noting that merchants are not resistant to PSD2. However, they believe it has the potential to improve their operations. Businesses are ready and willing to build strategies around PSD2 once the system is more transparent. Compliance itself is not the key goal. The key should be to provide a secure user experience which simply enables the efficient payment of goods and services.



Please enter your comment!
Please enter your name here