3D Secure protocol has been offering customers security for sixteen years, by offering an additional layer of protection for online transactions that require a card to be present.
Additionally, it protects merchants from fraudulent chargebacks by verifying the identity of cardholders prior to payment at the issuing bank.
Despite the advantages that protect both retailers as well as consumers, the process has created some kind of hate/love relationship between users of the 3DS protocol and its users.
It’s like taking medicine. You know it’s good for you and can protect you from the risk of disease however it can be a hassle to keep track of it and could leave an unpleasant smell in your mouth.
Pain Points Of The Original Protocol
While the risk of fraud and crime by using online payment methods is well-known, however, the reality is that the vast majority of online customers do not have to confront it directly.
If they’re faced with the authentication process during the checkout process the majority of them either believe they’re not needed and see it as nothing more than an inconvenience or the other way around they may not be familiar with the procedure and think of it as a security risk when asked to provide additional details.
Both scenarios can are a negative impact on the user experience and may make the customer drop the purchase. This can have a direct effect on conversion rates, and consequently, merchants may not be as keen to implement the protocol at all.
The issue is that fraud on the internet isn’t going away. Actually, it’s becoming more serious, as criminals are looking for more sophisticated methods of stealing our online payment transactions.
Thus, the security of 3D Secure is becoming more and more crucial as time goes by.
The Solution is 3D Secure 2.0
the EMVCo addresses these issues head-on by introducing the new 3D Secure 2.0 specification.
This has greatly enhanced greatly the 3DS gaming experience when using mobile devices. It has also made it possible for merchants to protect their customers from fraud across a variety of platforms.
3DS 2.0 also enables non-payment authentication, such as when users input their credit card information into the mobile wallet.
A strong emphasis in the SCA such as Two Factor Authentication (e.g. Time passwords and biometric authentication) additionally means the protocols are compliant with laws such as PSD2 which makes it simple for financial institutions who implement 3DS 2.0 to meet the requirements.
The most important thing is that 3DS 2.0 is greatly enhancing customer satisfaction with 3DS2 Frictionless Flow and the use of risk-based authentication.
What is Risk-Based Authentication?
Risk-based authentication is the method of assessing the risk associated with a specific transaction, and, based on the level of risk, whether or not the user is to be tested with additional authentication actions.
Through facilitating greater data exchanges and data sharing in online transactions 3D Secure 2.0 increases the authentication capabilities based on the risk of the issuer and retailer.
The additional information elements that are available at the time of the transaction may be utilized by both issuers as well as sellers to make a more informed decision on when to proceed using 3D Secure authentication steps.
Transactions are screened for factors that could place them into different risk categories.
These risk-based elements comprise:
- The worth of the transaction
- Existing or new customer
- Transactional history
- Behavioural past
- Information about the device
In the event that the merchant finds that a card that is new has been being used by a user who has no transaction history, the risk is likely to be considered to be high during the time the authentication process is necessary.
However, if the seller does not have the payment card in the system and the buyer has made previous payments on it, the chance will be minimal and 3D Secure authentication could be bypassed for the transaction.
Similar to the situation if the user has a previous purchase history on the platform, however, is possibly making purchases on a device that they’ve not ever used before, the seller may decide to require verification using 3DS because there’s an unknown factor.
How Does this Promote 3DS2 Frictionless Flow?
With the help of risk-based authentication by the ACS, a 3DS2 frictionless flow allows issuers to accept an order without the need to communicate with the cardholder.
If a customer buys online, they will add the purchase to their cart. They would then fill in the usual purchase details and then make sure to verify the transaction.
The details of the purchase, including information about the device, the item purchased and the value is sent to the ACS server for verification of whether the credit card holder is authentic.
An ACS will then review it for risk-based aspects. When the threat is considered to be minimal The ACS can verify the customer in a passive manner and not require additional confirmation.
This is a seamless process for the user since it is happening in the background. They will be directed to the screen that confirms the purchase and is unaware the transaction was recorded.
The merchant’s platform will require additional authentication when the risk is very high. With the use of risk-based authentication, The plan for 3D Secure 2.0 is to have this occur in a very small proportion of transactions.
Customers benefit is knowing that their transactions are secured and in a position to enjoy a smooth seamless shopping experience.
The benefit for sellers is they benefit from adopting the 3D Secure protocol on their platform, such as protection from fraudulent chargebacks. However, simultaneously, they ensure their customers are secure from fraudulent transactions.
The user will experience a seamless experience using the merchant’s platform because they are not being in a position to be challenged. This means that the drop-off rate caused by using the 3DS technology will be significantly decreased and the customer is more likely to return to the platform the merchant.
Overall, the 2nd iteration of the 3DS protocol is an excellent improvement for all those that are.
It allows merchants to offer security across various platforms by the ease of incorporation into systems including mobile apps while remaining able to take advantage of the advantages that this protocol brings. It is estimated that abandonment rates for carts will drastically decrease.
Issuers will be able to share more information from merchants, providing them with better insight into patterns in transactions which allows them to assess the risks with greater accuracy and thus enhance the process of authentication. 3DS 2.0 will also offer banks the ability to quickly meet the PSD2 requirements.
For customers, the upgrades can be among the most useful. They now have protection from fraud on a variety of platforms.
Not just will transactions become more secure because of the use of enhanced protection techniques like Two Factor authentication, but the user experience will be improved through 3DS2 frictionless flow with the use of risk-based authentication.