Balancing between security, convenience and regulatory requirements- from challenges to success

„Regulatory requirements are there not to create obstacles for the business but to bring progress within the industry. In this case, to protect the cardholders and the business from the growing fraud. We made the best use of it. Even though the adaptation and implementation process were pretty challenging, by having the right partner on our side, as Netcetera, we created positive stories.

It turned out that improving the challenge process was crucial for our success, unlike the widely accepted opinion that this can be achieved only through maximizing the exemptions. “ – says Markus Graf-Marschallek, Head of Card Service & Fraud Management Cards at Erste Bank.

Read more in the interview with Graf-Marschallek on how Erste Bank sustained excellent customer experience with positive business results while complying with all regulatory requirements.

Considering the overall perspective on how challenging the initial 3-D secure journey was seen and the enforcement of the PSD2 regulations, how did you manage it?

It is no secret that back in the past, 15 years ago, when 3-D Secure came into the market, even though it was seen as a game-changer in security and fighting fraud, it was first rejected, especially by the big merchants. In parallel, onboarding our customers to the service was quite a challenge.

The fundamental goal was to reduce the risk of fraud. So, we, as a card issuer, were faced with lots of questions during its implementation. This step, of course, was later accepted when we undertook additional measures thoroughly explained in our case study. In the meantime, while looking for a reliable ACS provider, we turned to Netcetera’s 3-D Secure Issuer Service.

We found a reliable and stable partner with experience, excellent card network knowledge, and connections, but most of all, a well-operating ACS. We saw this in the personalised customer approach of Netcetera, highlighted in their innovative operations and constantly up to date with trends and regulatory mandates.

When PSD2 was enforced in the EEA and SCA became mandatory, we embraced the new requirements. We did not see our 3DS success rate in danger but saw it as a chance to increase fraud protection. Partnering with Netcetera and using their reliable solutions enabled us to achieve an even better 3DS success rate than what we had prior to the PSD2 enforcement in 2021. Their measures resulted in high frictionless rates with intuitive challenge flow and automatic card enrollment. Overall we turned our challenges into success stories.

What about securing a seamless 3-D Secure experience for App and Browser Channel Transactions?

Recognising the importance of a seamless experience for app and browser channel transactions, Erste Bank took measures to address technical issues, particularly for App Channel transactions. We introduced the Merchant App URL redirect to prevent transaction timeouts and enabled the automatic redirect back to the merchant app after authentication. We would happily see as many merchants as possible support this. The other action we took is to focus on frictionless transactions for App channel transactions. So, our frictionless rate is way higher than on the browser, bringing us nearly the same overall success rates for both channels.

Educating our cardholders was one of the crucial factors too. Providing a seamless experience to our customers results from a set of right decisions: partnering with Netcetera, and using a set of solutions they offer, helped us substantially in our anti-fraud measurement and ensures us to fulfil all regulatory requirements.

Looking ahead, how will you continue to adapt to the fast-developing fraud environment and changing regulatory landscape?

Luckily, we are partnering with one of the leading providers in this area, so we are not alone on this journey.

Regarding fraud, I think behavioural-based monitoring with risk scoring and machine learning techniques will be the most crucial thing in the following years with the rising numbers of phishing, fully authenticated fraud, identity theft and manipulation of the payers.

We must remember that next to technology, educating customers and strengthening their digital competence and liability is paramount in achieving business success and bringing progress into the world of e-commerce.