Transaction risk analysis (TRA) is a powerful tool for acquiring banks to ensure a secure and seamless payment experience for both merchants and their customers. In the ever-evolving world of online transactions, TRA plays a crucial role in minimizing fraudulent activities and reducing risk exposure for acquirers.
What is Transaction Risk Analysis?
The EU’s revised Payment Services Directive introduced new requirements for Strong Customer Authentication (SCA) standards. However, transaction risk analysis lets merchants bypass stricter authentication standards.
It’s a process that involves the assessment of individual transactions in real-time to identify and mitigate the risk of fraud. TRA involves the use of various tools and techniques to evaluate the legitimacy of a transaction by analyzing factors such as transaction patterns, user behavior, and the merchant’s history.
By conducting a thorough risk analysis, acquiring banks can determine whether a transaction should be approved, declined, or subjected to further verification. This helps maintain a balance between reducing friction for genuine customers and preventing fraudulent transactions.
To Whom Does TRA Apply?
Exemptions for transaction risk analysis are implemented at the bank level. Transaction risk analysis usage depends on the transaction sum, coupled with the acquirer’s fraud rate (rather than the merchant’s). Thus, merchants must collaborate with banks capable of employing TRA.
Below are the transaction dollar value thresholds, as well as the fraud rates under which a bank must remain to deploy TRA for transactions within that range:
- €0–€100 Transactions: Fraud rate below 0.13%
- €0–€250 Transactions: Fraud rate below 0.06%
- €0–€500 Transactions: Fraud rate below 0.01%
Merchants may seek TRA exemptions for transactions classified as “low risk” by the participating banks. Naturally, they require an internal system to distinguish these low-risk transactions from high-risk rejections. This is the point at which acquirers should encourage their merchant clients to look to their internal practices to reduce risk.
TRA Acquirer Requirements
An acquiring bank must meet specific requirements to deploy TRA effectively. Also, according to PSD2 and the Strong Customer Authentication regulations, acquirers can use TRA under certain circumstances. These include:
Acquirers can apply TRA for low-risk transactions when they meet the conditions set by the regulatory technical standards (RTS) on SCA and secure communication. This allows for exemptions based on the transaction’s risk level, enabling frictionless payments for customers.
TRA can be deployed for transactions below specific monetary thresholds, as defined by the regulators. For example, a transaction value below €30 may be exempted from SCA, provided that the overall fraud rate of the acquirer remains below the required reference fraud rates.
Overall Fraud Rates
Acquiring banks must maintain a low overall fraud rate to be eligible to use TRA exemptions. The regulatory technical standards define fraud rate thresholds depending on the transaction’s value. For instance, a 0.13% fraud rate is acceptable for transactions below €100, while a 0.06% fraud rate is required for transactions below €250.
Tools That Can Be Used to Analyze Risk
Acquiring banks can employ various tools and techniques to analyze the risk associated with a transaction. Some of these include:
Machine Learning Algorithms
Advanced algorithms can be used to assess transaction risk by analyzing historical data, identifying patterns, and predicting potential fraud. Machine learning models continuously learn and adapt, improving their accuracy in detecting fraudulent transactions over time.
By examining user behavior, such as the device used, IP address, geolocation, and browsing patterns, acquiring banks can identify potential risk factors and assess the likelihood of a transaction being genuine or fraudulent.
Risk scoring systems assign a score to each transaction based on predetermined risk factors. A higher score indicates a higher likelihood of fraud, while a lower score suggests a lower risk. This helps acquirers make informed decisions on whether to approve, decline, or subject a transaction to further verification.
These systems use pre-set rules to determine the risk level of a transaction. For instance, transactions from specific countries, IP addresses, or merchants may be flagged as high-risk and subjected to additional authentication measures.
Effect of TRA: Is it Helping?
Several studies and reports suggest that TRA is indeed effective in reducing friction for legitimate customers while preventing fraudulent transactions. According to a report by ACI Worldwide, the use of machine learning and advanced analytics in transaction risk analysis has led to a significant reduction in false positives and an increase in the detection of genuine fraud cases. The report shows that false declines have dropped by 25% while the detection rate of genuine fraud has increased by 30%.
In another study by Juniper Research, the implementation of TRA and other advanced fraud prevention techniques has been found to save businesses an estimated $9.6 billion annually since 2021. This indicates that TRA is not only effective in preventing fraud but also in reducing the overall cost associated with it.
Moreover, a research paper by Mastercard highlights the role of TRA in providing a frictionless payment experience for customers. The study found that the implementation of TRA led to a 20% reduction in checkout abandonment rates and a 15% increase in the approval rate for legitimate transactions.
Transaction risk analysis has proven to be an essential tool for acquiring banks in maintaining a secure and seamless payment environment. By implementing TRA, acquirers can balance the need for security with a frictionless customer experience, effectively reducing false positives and preventing fraudulent transactions.
Using advanced tools and technologies, acquiring banks can continue to innovate and adapt their risk analysis strategies to stay ahead of evolving fraud threats and provide a better payment experience for both merchants and customers.