Abandon last century’s solutions before customers abandon you: the PSD2, 4AMLD & customer friction.

From mid next year, things are about to get tougher for all online merchants, and in particular the gaming industry. It wont be enough that you have a great service with a successful marketing campaign, as friction is about to increase in two key areas of your customer experience. The question is, what will you do about it?

As any online merchant will tell you, minimising the number of ‘clicks’ to get to checkout is key. However, your ability as a gamer to convert prospective customers into paying ones relies also upon choice of payment methods and the crucial customer on boarding / fast withdrawal process.

Both of these are about to be made a lot tougher by the introduction of the 4th AML/CTF Directive and the Payment Services Directive 2 (PSD2), which increase the burden on payment and identification requirements, and together can combine to create the perfect storm of high friction and customer abandonment, unless you plan and design your customer experience around what’s regulatory permissible.


Many EU based online gamers and merchants are unaware that the PSD2 will require your Payment Services Provider (PSP) to implement Strong Customer Authentication (SCA) for every transaction processed from an EU card issuer or wallet. The less sophisticated PSP’s will likely do nothing until the last possible moment, and then force their merchants to use the greatest conversion killer of all time - 3D Secure. Aside from abandonment rates of up to 70% (as reported by MasterCard itself1), the enrollment rate of this absolutely horrid technology is miserably low around the world, except for jurisdictions such as the UK and Singapore that mandated it. The reason? Consumers and merchants are aligned in that they really, really hate this 1990’s approach to authentication2. Being able to receive payments from a wide variety of sources, with minimum fuss is key to every industry, and the forced defacto introduction of 3D Secure by PSP’s as payment authentication for cards is not the way forward. To be fair, the closed ecosystem of PayPal is likely to meet the PSD2 compliance requirements as they have been gradually implementing compliance, whereas many other EU based wallets are likely to fall foul of the new regulations unless preparations are already well under way.


The background concerns that led to the PSD2 and “always on” Strong Customer Authentication for payments are real. More than

$16.31 billion was lost to card fraud globally last year3, with a significant proportion of that within the SEPA. Whilst more and more predictive or risk based solutions are released to the market each year to protect businesses from fraud, the fraud statistics continue to rise, with third party and “friendly” CNP fraud chargebacks reducing merchant’s profits year on year4. Clearly, relying on predictive systems is ineffective, and often leads to false positives or false negatives, which have lead the regulators to introduce the PSD2 and

‘Strong Customer Authentication’ for every payment transaction. Use of risk based assessment (RBA) or predictive systems is not a means of Strong Customer Authentication, so a rethink is required for those merchants relying on RBA services such as ReD, Kount, Cybersource or similar within the SEPA.


Given these challenges in payments, the industry probably already has enough to deal with next year. Lets now throw into the mix the 4th AML/CTF Directive (4AMLD) regulations, which drive Know Your Customer (KYC) requirements, which in turn mandate how customer on boarding can be achieved. Part of the 4AMLD requirements are that continuous due diligence and transaction monitoring will also become more stringent as we approach implementation date of 27th June 2017.

Operator costs look set to mount, and we are all aware of the growing cost of online fraud, compliance and associated breach penalties, together with slow and laborious manual systems associated with Know Your Customer (KYC) processes that will lead to fewer customers being on-boarded.

Is it to much to ask for a solution that can automate online KYC, counteract fraud by providing PSD2 mandated payment authentication, whilst at the same time offering a 4AMLD compliance solution?

Remote identification of customers poses an array of challenges for the consumer and the merchant. The business requirement to perform Know Your Customer (KYC) checks online has dramatically increased, with AML/CTF obligated merchants seeking to acquire customers remotely, and in most cases seeking to release the tether to bricks and mortar entirely by use of automated means.


Last century solutions that use database lookups aren't the answer. Many gaming operators are aware of the country reach limitations, jurisdictional use restrictions and match rate issues associated with historic personal data databases. Searches are performed using a person’s name, date of birth and address and comparing that information to a government regulated database register, for example an electoral roll and credit reference data. The issue with this process is that a lot of the databases are out dated due to demographic changes in population, or lack of updates or have compromised data removed, resulting in a decrease in match rates. With more than 480 million leaked records last year exposing sensitive personal information5, these last century approaches to identity have become defenceless against online fraudsters and identity impersonation. They are also only a small piece of the AML challenge, which includes identifying the source of funding, monitoring it, identifying and verifying the customer, and analysing the results for suspicious transactions. The PSD2 and its requirement for Strong Customer Authentication further complicates the requirements.

However, the PSD2 regulations are technologically neutral, and they do not mandate the use of 3D Secure. Article 97 of the PSD2 requires Strong Customer Authentication, which is basically two factor authentication linked to KYC, so merchants can seek other options via their PSP.


So, taking all that into account, the question that you should be asking your PSP and KYC providers is, do they work together to minimise friction whilst helping you comply with both the 4th AML directive and the PSD2?


iSignthis is the first of its kind that offers a patented solution for digital KYC compliance for the 4th (and 3rd) AML Directive, in addition to PSD2 Strong Customer Authentication, via a single API and unified low friction customer process. Our unique patented approach incorporates real time processing of authenticated payments coupled with remote KYC identification.


The iSignthis approach delivers automated customer on-boarding and payments simultaneously, and importantly, it satisfies regulators.


A byproduct of what we do, is that as we secure the payment environment, we also protect online customers, whilst at the same the time assisting merchants with a means for CNP chargeback reversal via the card scheme operating rules and PSD2.


With a global reach of 3.5B financially-included persons, located in over 200 countries, our solution is able to identify any customer able to make an online payment via card, reaching into territories where the last century data brokers have no reach. This is achieved through our 21st century patented process, whereby we unlock the KYC in a regulated payment instrument to satisfy AML regulatory requirements. By combining KYC on-boarding with the payment transaction, merchants are able to reduce friction, collect payment upfront, and allow an intuitive, user-friendly process that leads to prospective customers’ conversion to paid up customer, whilst meeting the complex web of requirements of the 4AMLD and PSD2.


Now, isn't that worth having a chat to us about? If you would like to know more about iSignthis’ solutions get in touch at

contact@isignthis.com.