At Ekata we've been talking a lot about how big regulatory changes, like GDPR and PSD2, are going to affect long-term change in the payment industry.
In light of these complicated regulations, the central challenge for companies remains how to be compliant while still offering a relatively frictionless experience for consumers.
Karen Webster, the CEO of PYMNTS.com, interviewed our CEO, Rob Eleveld, about how GDPR and PSD2 are going to force companies to reevaluate their practices and their relationship to data.
You can listen to the full podcast here.
Meeting GDPR Requirements for Personal Data
Personal data is used by companies for a number of things, from personalized marketing to identity verification in order to prevent fraud. The way companies use that data has always been linked to customer experience, noted Rob.
"In the past you might sign up for an event with your business email, and lo and behold in the next weeks 20 different companies are sending you spam email. I don't think anyone likes that."
GDPR aims to curb that use of personal data, though it leaves a cutout for data being used for fraud prevention. "GDPR is especially targeted at companies that are using data fast and loose for marketing purposes," noted Rob.
One of the provisions is that individuals can request their data be suppressed or erased from databases; however, too many companies haven't developed a good process for that. Many big merchants or banks have customer data that resides in multiple places, whether transaction logs, customer databases, or data for machine learning. "To remove somebody from all of those places is not a trivial requirement," Rob noted.
Preparing for PSD2
PSD2 (Revised Payment Service Directive) is an EU Directive to regulate payment services and payment service providers throughout the European Union and European Economic Area. It will go into effect in September 2019.
The goal of PSD2, noted Rob, is to basically facilitate the process of more interaction and data sharing between banks. The data will help authenticate transactions in a more consistent way, particularly in cases when the card is not present. He expects to see the payments industry first targeting implementation of the 3D Secure 2.0 protocol for online payment authentication.
"In the short-term, we don't see a lot of companies preparing for it," he noted. He does believe that the companies who get to PSD2 compliance sooner will be able to provide a more frictionless experience within the requirements of the regulation. "Some companies are going to use that as a competitive advantage," he said.
Regulatory Compliance or Best Practice?
Ultimately, Rob cautioned companies to not just view compliance as a regulatory requirement, but to see it as best practice and an opportunity to build better relationships with their customers. "This is going to change the environment when it comes to working with our customers," he said.
He recommended viewing compliance as an opportunity to focus on the customer experience. "We are in an instant gratification world," he said. "But at the same time, the industry needs to not apologize for [increased friction]." Instead, he suggested focusing on educating customers about the need for some amounts of friction in order to keep their identity data safe.
He recommended that companies do a bit of soul searching when it comes to how they intend to use consumer data. "Are we storing data to protect our consumer, or do we want the data so we can market to them?" Rob asked. "You're not going to have it both ways anymore."