At Ekata we’ve been talking a lot about how big regulatory changes, like GDPR and PSD2, are going to affect long-term change in the payment industry.
In light of these complicated regulations, the central challenge for companies remains how to be compliant while still offering a relatively frictionless experience for consumers.
Karen Webster, the CEO of PYMNTS.com, interviewed our CEO, Rob Eleveld, about how GDPR and PSD2 are going to force companies to reevaluate their practices and their relationship of data.
You can listen to the full podcast here.
Meeting GDPR Requirements for Personal Data
Personal data is used by companies for a number of things, from personalized marketing to identity verification in order to prevent fraud. The way companies use that data has always been linked to customer experience, noted Rob.
“In the past you might sign up for an event with your business email, and low and behold in the next weeks 20 different companies are sending you spam email. I don’t think anyone likes that.”
GDPR aims to curb that use of personal data, though it leaves a cutout for data being used for fraud prevention. “GDPR is especially targeted at companies that are using data fast and loose for marketing purposes,” noted Rob.
One of the provisions is that individuals can request their data be suppressed or erased from databases — however, too many companies haven’t developed a good process for that. Many big merchants or banks have customer data that resides in multiple places, whether transaction logs, customer databases, or data for machine learning. “To remove somebody from all of those places is not a trivial requirement,” Rob noted.
Preparing for PSD2
PSD2 (Revised Payment Service Directive), is an EU Directive to regulate payment services and payment service providers throughout the European Union and European Economic Area. It will go into effect in September 2019.
The goal of PSD2, noted Rob, is to basically facilitate the process of more interaction and data sharing between banks. The data will help authenticate transactions in a more consistent way, particularly in cases when the card is not present. He expects to see the payments industry first targeting implementation of the 3D Secure 2.0 protocol for online payment authentication.
“In the short-term, we don’t see a lot of companies preparing for it,” he noted. He does believe that the companies who get to PSD2 compliance sooner will be able to provide a more frictionless experience within the requirements of the regulation. “Some companies are going to use that as a competitive advantage,” he said.
Regulatory Compliance or Best Practice?
Ultimately, Rob cautioned companies to not just view compliance as a regulatory requirement, but to see it as best practice and an opportunity to build a better relationships with their customers. “This is going to change the environment when it comes to working with our customers,” he said.
He recommended viewing compliance as an opportunity to focus on the customer experience. “We are in an instant gratification world,” he said. “But at the same time, the industry needs to not apologize for [increased friction].” Instead, he suggested focusing on educating customers about the need for some amounts of friction in order to keep their identity data safe.
He recommended that companies do a bit of soul searching when it comes to how they intend to use consumer data. “Are we storing data to protect our consumer, or do we want the data so we can market to them?” Rob asked. “You’re not going to have it both ways anymore.”