PSD2 Report Query Models in OneSpan Risk Analytics for Digital Banking

Risk Analytics provides reporting capability based on a set of available pre-defined models that allow creating report queries based on particular elements you might like to report. The PSD2 model in OneSpan Risk Analytics for Digital Banking is pre-configured with a number of default queries to help generate PSD2 monitoring as defined in the PSD2 Regulatory Technical Standard (PSD2 RTS).

Article 21 stipulates that it must be possible to extract the following data for a specific period, at least on a quarterly basis:

1. Total number of transactions

2. Total value of transactions

3. Average transaction value

4. Total value of unauthorized or fraudulent transactions

5. Resulting fraud rate percentage (=(D) divided by (B))

Such data should be made available, and it should be possible to filter them by specific breakdown criteria:

1. Global (no breakdown)

2. Breaking down the data only for transactions initiated through strong customer authentication

3. Breaking down the data only for transactions having matched one of the Strong Customer Authentication (SCA) exemptions

The article also foresees the possibility to extract the following data according to the period and each SCA exemption:

6. the ratio of number of transactions having matched the SCA exemptions in relation to the total number of transactions (=(A.iii) divided by (A.i))

Pre-defined report query models

The reporting tool of Risk Analytics allows to execute simple queries based on pre-defined models, with a possible aggregation (sum, count, average) of table columns. However, it does not allow performing a direct calculation of the ratio between table columns and aggregated table columns. Thus, it is not possible to extract the fraud rate percentage (E) and the ratio of each breakdown (F) directly with the report tool. Nonetheless, the missing ratios can be calculated from the reported elements.

The pre-defined report queries in the PSD2 model allow to extract data (A), (B), (C) and (D), either not broken down (i) or split per specific breakdown criteria (ii) and (iii). This will be achieved through the following possible reports:

• Monitoring global transactions

• Monitoring global transactions where SCA was performed

• Monitoring global transactions for each exemption group:

  • Monitoring Transactions 3 previous months with exemption on value transaction <= ETV

  • Monitoring Transactions 3 previous months with exemption on recurring subsequent transaction

  • Monitoring Transactions 3 previous months with exemption on transfer to same customer

  • Monitoring Transactions 3 previous months with exemption on trusted beneficiary

  • Monitoring Transactions 3 previous months with exemption on low value transaction

For these queries, the PSD2 report model exposes two views:

• LV_PSD2_TXN

• LV_PSD2_TXN_RULE_MATCHES

Report views in the PSD2 report model

*The default PSD2 report queries make usage of the IS_DISPUTED and DISPUTED_AMT_CH_BILL attributes as the PSD2 RTS stipulate that the fraud rate should be calculated as a ratio between “the total value of unauthorized or fraudulent […] transactions”¹ and “the total value of all transactions”² .

For customers that would extract a calculated fraud rate instead of data based on fraudulent transactions only (excluding unauthorized/declined transactions if they are not tagged as fraud), the attributes IS_ FRAUD and FRAUD_AMT_CH_BILL are also provided in the view.

LV_PSD2_TXN_RULE_MATCHES can be used to perform a breakdown on the SCA exemption, using the RULENAME attribute of this view as filtering condition (see Default queries in the PSD2 report model). It is possible to create a query where elements of the LV_PSD2_TXN and LV_PSD2_TXN_RULE_MATCHES views are combined.