Company Name: iSignthis
Announcement Date: 17/05/2016
Announcement Category: Other
Announcement Content:
From mid next year, things are about to get tougher for all online merchants, and in particular the gaming industry. It wont be enough
that you have a great service with a successful marketing campaign, as friction is about to increase in two key areas of your customer
experience. The question is, what will you do about it?
As any online merchant will tell you, minimising the number of ‘clicks’ to get to checkout is key. However, your ability as a gamer to
convert prospective customers into paying ones relies also upon choice of payment methods and the crucial customer on boarding / fast
withdrawal process.
Both of these are about to be made a lot tougher by the introduction of the 4th AML/CTF Directive and the Payment Services Directive 2
(PSD2), which increase the burden on payment and identification requirements, and together can combine to create the perfect storm of
high friction and customer abandonment, unless you plan and design your customer experience around what’s regulatory permissible.
Many EU based online gamers and merchants are unaware that the PSD2 will require your Payment Services Provider (PSP) to
implement Strong Customer Authentication (SCA) for every transaction processed from an EU card issuer or wallet. The less
sophisticated PSP’s will likely do nothing until the last possible moment, and then force their merchants to use the greatest conversion
killer of all time - 3D Secure. Aside from abandonment rates of up to 70% (as reported by MasterCard itself1), the enrollment rate of this
absolutely horrid technology is miserably low around the world, except for jurisdictions such as the UK and Singapore that mandated it.
The reason? Consumers and merchants are aligned in that they really, really hate this 1990’s approach to authentication2. Being able to
receive payments from a wide variety of sources, with minimum fuss is key to every industry, and the forced defacto introduction of 3D
Secure by PSP’s as payment authentication for cards is not the way forward. To be fair, the closed ecosystem of PayPal is likely to
meet the PSD2 compliance requirements as they have been gradually implementing compliance, whereas many other EU based
wallets are likely to fall foul of the new regulations unless preparations are already well under way.
The background concerns that led to the PSD2 and “always on” Strong Customer Authentication for payments are real. More than
$16.31 billion was lost to card fraud globally last year3, with a significant proportion of that within the SEPA. Whilst more and more
predictive or risk based solutions are released to the market each year to protect businesses from fraud, the fraud statistics continue to
rise, with third party and “friendly” CNP fraud chargebacks reducing merchant’s profits year on year4. Clearly, relying on predictive
systems is ineffective, and often leads to false positives or false negatives, which have lead the regulators to introduce the PSD2 and
‘Strong Customer Authentication’ for every payment transaction. Use of risk based assessment (RBA) or predictive systems is not a
means of Strong Customer Authentication, so a rethink is required for those merchants relying on RBA services such as ReD, Kount,
Cybersource or similar within the SEPA.
Given these challenges in payments, the industry probably already has enough to deal with next year. Lets now throw into the mix the
4th AML/CTF Directive (4AMLD) regulations, which drive Know Your Customer (KYC) requirements, which in turn mandate how
customer on boarding can be achieved. Part of the 4AMLD requirements are that continuous due diligence and transaction monitoring
will also become more stringent as we approach implementation date of 27th June 2017.
Operator costs look set to mount, and we are all aware of the growing cost of online fraud, compliance and associated breach penalties,
together with slow and laborious manual systems associated with Know Your Customer (KYC) processes that will lead to fewer
customers being on-boarded.
Is it to much to ask for a solution that can automate online KYC, counteract fraud by providing PSD2 mandated payment
authentication, whilst at the same time offering a 4AMLD compliance solution?
Remote identification of customers poses an array of challenges for the consumer and the merchant. The business requirement to
perform Know Your Customer (KYC) checks online has dramatically increased, with AML/CTF obligated merchants seeking to acquire
customers remotely, and in most cases seeking to release the tether to bricks and mortar entirely by use of automated means.
Last century solutions that use database lookups aren't the answer. Many gaming operators are aware of the country reach limitations,
jurisdictional use restrictions and match rate issues associated with historic personal data databases. Searches are performed using a
person’s name, date of birth and address and comparing that information to a government regulated database register, for example an
electoral roll and credit reference data. The issue with this process is that a lot of the databases are out dated due to demographic
changes in population, or lack of updates or have compromised data removed, resulting in a decrease in match rates. With more than
480 million leaked records last year exposing sensitive personal information , these last century approaches to 5 identity have become
defenceless against online fraudsters and identity impersonation. They are also only a small piece of the AML challenge, which includes
identifying the source of funding, monitoring it, identifying and verifying the customer, and analysing the results for suspicious
transactions. The PSD2 and its requirement for Strong Customer Authentication further complicates the requirements.
However, the PSD2 regulations are technologically neutral, and they do not mandate the use of 3D Secure. Article 97 of the PSD2
requires Strong Customer Authentication, which is basically two factor authentication linked to KYC, so merchants can seek other
options via their PSP.
So, taking all that into account, the question that you should be asking your PSP and KYC providers is, do they work together
to minimise friction whilst helping you comply with both the 4th AML directive and the PSD2?
iSignthis is the first of its kind that offers a patented solution for digital KYC compliance for the 4th (and 3rd) AML Directive, in addition to
PSD2 Strong Customer Authentication, via a single API and unified low friction customer process. Our unique patented approach
incorporates real time processing of authenticated payments coupled with remote KYC identification.
The iSignthis approach delivers automated customer on-boarding and payments simultaneously, and importantly, it satisfies
regulators.
A byproduct of what we do, is that as we secure the payment environment, we also protect online customers, whilst at the same the time
assisting merchants with a means for CNP chargeback reversal via the card scheme operating rules and PSD2.
With a global reach of 3.5B financially-included persons, located in over 200 countries, our solution is able to identify any customer able
to make an online payment via card, reaching into territories where the last century data brokers have no reach. This is achieved
through our 21st century patented process, whereby we unlock the KYC in a regulated payment instrument to satisfy AML regulatory
requirements. By combining KYC on-boarding with the payment transaction, merchants are able to reduce friction, collect payment
upfront, and allow an intuitive, user-friendly process that leads to prospective customers’ conversion to paid up customer, whilst meeting
the complex web of requirements of the 4AMLD and PSD2.
Now, isn't that worth having a chat to us about? If you would like to know more about iSignthis’ solutions get in touch at
[email protected].
1 See Page 5 of http://globalrisk.mastercard.com/wp-content/uploads/2015/12/Advantages-of-Risk-Based-Authentication.pdf
2 Visa’s Patent for 3D Secure was filed May 2002
3 http://www.businesswire.com/news/home/20150804007054/en/Global-Card-Fraud-Losses-Reach-16.31-Billion
4 https://www.ecb.europa.eu/pub/pdf/other/4th_card_fraud_report.en.pdf
5 http://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2015-over-275-million-leaked-records
Announcement URL: https://www.linkedin.com/pulse/4amld-psd2-must-read-httpowlyi54n300dl9i-chris-henry?trk=prof-post
About iSignthis:
Australian Securities and Frankfurt Stock Exchange listed iSignthis Ltd (ASX : ISX / FRA : TA8) is the only neobank focussed on making business banking simpler. We are the global leader in remote identity verification, payment authentication and payment processing to meet AML/CFT requirements. iSignthis provides an end-to-end on-boarding service for merchants, with unified deposit taking, IBAN accounts, payments, card acquiring and identity service via our Paydentity and ISXPay® solutions.
By converging payments and identity, iSignthis delivers regulatory compliance to an enhanced customer due diligence standard. We offer global reach to any of the world’s 4.2Bn ‘bank verified’ card or account holders, that can be remotely on-boarded to regulated merchants in as little as 3 to 5 minutes.
iSignthis is the trusted back office solution for regulated entities, allowing our customers to stay ahead of the regulatory curve and focus on growing their core business.
We are a principal of Visa, Mastercard, JCB, ChinaUnionPay and AMEX.
Go to Company Profile for: iSignthis
Announcement Contact: [email protected]