Balancing between security, convenience and regulatory requirements: from challenges to success


"Regulatory requirements are there not to create obstacles for the business but to bring progress within the industry. In this case, to protect the cardholders and the business from the growing fraud. We made the best use of it. Even though the adaptation and implementation processes were pretty challenging, by having the right partner on our side, as Netcetera, we created positive stories.

It turned out that improving the challenge process was crucial for our success, unlike the widely accepted opinion that this can be achieved only through maximizing the exemptions," says Markus Graf-Marschallek, Head of Card Service & Fraud Management Cards at Erste Bank.

Read more in the interview with Graf-Marschallek on how Erste Bank sustained excellent customer experience with positive business results while complying with all regulatory requirements.



Considering the overall perspective on how challenging the initial 3-D Secure journey was seen and the enforcement of the PSD2 regulations, how did you manage it?

It is no secret that back in the past, 15 years ago, when 3-D Secure came into the market, even though it was seen as a game-changer in security and fighting fraud, it was first rejected, especially by the big merchants. In parallel, onboarding our customers to the service was quite a challenge.

The fundamental goal was to reduce the risk of fraud. So, we, as a card issuer, were faced with lots of questions during its implementation. This step, of course, was later accepted when we undertook additional measures thoroughly explained in our case study. In the meantime, while looking for a reliable ACS provider, we turned to Netcetera’s 3-D Secure Issuer Service.

We found a reliable and stable partner with experience, excellent card network knowledge, and connections, but most of all, a well-operating ACS. We saw this in the personalised customer approach of Netcetera, highlighted in their innovative operations and constantly up to date with trends and regulatory mandates.

When PSD2 was enforced in the EEA and SCA became mandatory, we embraced the new requirements. We did not see our 3DS success rate in danger but saw it as a chance to increase fraud protection. Partnering with Netcetera and using their reliable solutions enabled us to achieve an even better 3DS success rate than what we had prior to the PSD2 enforcement in 2021. Their measures resulted in high frictionless rates with intuitive challenge flow and automatic card enrollment. Overall we turned our challenges into success stories.

How do you explain the statement, “Frictionless is king”?

Frictionless is not the only thing to focus on, but it is one of the essentials. We were happy to see rising numbers of 3DS transactions, which did not end in higher abandonments but in a better overall success rate. Next to it, using the powerful tool for mitigating fraud, TRA exemption, and RBA improved the success rate and the customer experience. We saw a significant reduction in fraudulent transactions in the EEA.

We at Erste Bank decided very early to implement Risk Based Authentication (RBA) to reduce abandonments and renew customer experience in card payments. RBA is a critical key element to minimise friction for the customer and improve approval rates. But, focusing on the challenging experience was decisive in achieving a stable overall success rate.

What about securing a seamless 3-D Secure experience for App and Browser Channel Transactions?

Recognising the importance of a seamless experience for app and browser channel transactions, Erste Bank took measures to address technical issues, particularly for App Channel transactions. We introduced the Merchant App URL redirect to prevent transaction timeouts and enabled the automatic redirect back to the merchant app after authentication. We would happily see as many merchants as possible support this. The other action we took is to focus on frictionless transactions for App channel transactions. So, our frictionless rate is way higher than on the browser, bringing us nearly the same overall success rates for both channels.

Educating our cardholders was one of the crucial factors too. Providing a seamless experience to our customers results from a set of right decisions: partnering with Netcetera, and using a set of solutions they offer, helped us substantially in our anti-fraud measurement and ensures that we fulfil all regulatory requirements.


Looking ahead, how will you continue to adapt to the fast-developing fraud environment and changing regulatory landscape?

Luckily, we are partnering with one of the leading providers in this area, so we are not alone on this journey.

Regarding fraud, I think behavioural-based monitoring with risk scoring and machine learning techniques will be the most crucial thing in the following years with the rising numbers of phishing, fully authenticated fraud, identity theft and manipulation of the payers.

We must remember that next to technology, educating customers and strengthening their digital competence and liability is paramount in achieving business success and bringing progress into the world of e-commerce.

Case study

Strong Authentication. Security. Seamless experience.

From Challenge to Success: Erste Bank’s 3-D Secure Journey
