Paul Hossack

PSD2: Big or Small?

Discussion created by Paul Hossack Employee on Sep 13, 2019

I recently presented a webinar on the topic of upcoming changes to the EU’s Payment Services II (PSD2) that took effect on September 14 2019. This webinar can be accessed here: Are you ready for PSD2? 4 Key Areas of Focus


During this webinar, an interesting question was posed by an attendee:


With regards to PSD2, what are RSA and issuers doing to deal with the 5 transactions/ €100 “counters” problem?

Now I find this really is an interesting question. This is generally considered as one of the smaller problems to overcome in the sphere of PSD2, especially when set in the context of the wider problem of capturing mobile numbers, rolling out updates to your App to enable biometrics and worrying about how you will prepare the cardholders for all this stuff! But small, or not, it’s a very good question.

As part of PSD2, for financial institutions, when transactions are over the €30 “low value exemption” threshold, you are required to challenge your cardholders after either 5 transactions, or a total of €100 in smaller transactions has been reached (whichever comes first). With so many different channels at play, how do you orchestrate this across your remote CNP transaction base? Small is now getting bigger.

Solving this conundrum has been somewhat difficult for RSA’s customers recently, however through the use of standard API’s, RSA’s customers have been able to take transactional information from the online shopping channel, compare it with other streams (such as CNP over the phone) and return “threshold reach: challenge” indicators back to RSA.
At this point, RSA is able to revert back to being the cornerstone of the customers challenge strategy, which of course includes analysing the transaction with our world class Risk Engine in order to MINIMISE the likelihood of fraud and to provide smooth and reliable Strong Customer Authentication, which was the whole point of PSD2 in the first place, right?

So, perhaps the question is not “Are you PSD2 ready”, but moreover “Have you conquered the small stuff too?”

I would really like to hear your thoughts on how ‘you’ are addressing the small stuff in your organization.


I’m also including a link to a recent RSA White Paper titled, “Banking’s Digital Transformation – The Confident Pursuit of Opportunity in the Face of Rising Risk” for your reading pleasure.