Research finds consumers in the dark about PSD2

Research recently released by fraud prevention company Forter, has found that only a third of UK consumers (34%) were aware of the Second Payment Services Directive (PSD2) legislation, mandatingthat merchants add an additional verification step for online payment authentication. The new rules mean consumers have to go through two of three types of verification, related to:knowledge – something the user will know, such as a password or PIN;possession – something the user has access to, such as a mobile phone; or inherence – something the user ‘is,’  such as a thumbprint or retina scan.  

PSD2 was passed into law by the European Union in 2015 in an attempt to reduce the occurence of payments fraud. The law came into force across most of Europe on 14 September 2019;however, the Financial Conduct Authority (FCA) announced an enforcement delay until March 2021 for the UK. The delay is intended to give retailers and businesses more time to prepare for the requirements set out by PSD2.

Around half of UK consumers (49%) are likely to abandon future purchases when faced with a multi-step authentication process according to the study, highlighting astrongly negative perception of the regulation.

Consumers are even less welcoming of the authentication process when their attention is drawn to specific verification methods. Facial recognition is most likely to cause rejection, with six in 10 consumers (60%) saying they would be likely to abandon their purchase if asked to authenticate via Face ID. Fingerprint ID sees a similarly high level (54%) of likely purchase abandonment. Even the more well-known methods of verification see at least two in five consumers reluctant to continue a purchase when used as part of a multi-step process: email verification sees 46% likely to reject a purchase, while 3D Secure (3DS) would be rejected by 45%, and SMS would have a 44% rejection rate.

Michael Reitblat, CEO and Co-Founder of Forter commented: “The UK was one of the first EU markets to confirm a formal delay of PSD2 enforcement. Irrespective of this 18-month delay, fraudsters will continue to capitalise on merchants’ weak spots. It is  the responsibility of businesses to shore up defenses at all stages of the customer journey, and not only at the payment stage. Online merchants shouldn’t use this time as an excuse to hold off on compliance; instead they should work to improve their fraud prevention measures ahead of enforcement.”


Michael Reitblat
CEO and Co-Founder