A rise in eCommerce and mCommerce has led to a rise in fraud over the last few decades due to the card-not-present (CNP), nature of online payments.
In 2015, eCommerce fraud rates averaged 0.53% worldwide. This may seem small, but it’s a substantial amount considering eCommerce sales are expected to reach $2.3 billion by 2017. That means eCommerce fraud could increase to more than $12 Billion.
CNP transactions make up the majority of the fraud. CNP fraud represents a significant proportion of all fraud in countries where there are a lot of online merchants.
Online fraud is widespread, but it’s not surprising. CNP transactions are more secure than other types of transactions due to the difficulty in verifying the identity of the buyer and determining if they are the cardholder. Since 2001, 3D Secure Protocol, which is one the most trusted and established technologies in the fight against CNP Online Fraud, is available. While the protocol’s main purpose is to protect the cardholder, it provides an authentication layer to verify that they used their card for the transaction. It also protects merchants against fraudulent chargebacks. This protection is provided by a shift in liability from the merchant to the card issuing institution. It is important to note that this protection does not cover non-fraudulent consumer claims.
The point at which liability shift occurs is not always the same. It can vary depending on the card provider and whether or not a card is already enrolled in a 3D Secure program.
Two steps are required to determine if liability shifting is allowed in the current protocol (3DS1). In the first stage, the merchant will send a request to the issuing bank for information about whether a card has been registered in its 3DS program. To accomplish this, the merchant must install an approved merchant plug-in. This will handle the authentication messaging between the bank and the merchant, using a 3D Secure vendor. If the card issuer can’t provide the card status, then the response will be returned as ‘unavailable. Visa and MasterCard differ in the extent to which liability has passed from the merchant if the unavailability is indicated.
The third step involves the actual 3D Secure cardholder verification. Once again, the request is returned with a definitive Yes’ (authentication success) or a No’ (authentication failing). If there is a network or system error, the response could be ‘Authentication error’/’Authentication attempted.
If a liability shift is occurring, it will be determined by combining the results of step 1 (card enrolment), and step 2 (authentication status).
The global program activation day is 12/04/2019. Until then, existing liability shift rules from the original 3DS1 Protocol will continue to be in full effect. After 3DS2 goes live, there will only be a minor shift in liability shifts. This could offer major benefits for merchants to protect them against fraudulent chargebacks.
As it stands now, merchants can try authentication with 3DS2 if the issuer is unable or unwilling to respond (system unavailable), and they will receive protection against fraudulent chargebacks.
If the issuing bank DOES not support 3DS2, there will be no liability shift and the merchant will still have to pay. This change will take effect on 12 April 2019 and merchants will still have full fraud protection.
3D Secure, a buyer authentication solution that uses 3D Secure to authenticate buyers, is still the best way of reducing fraud in CNP purchasing. It provides protection for both the consumer and the merchant, by shifting liability.
With many years of rich experience in technology development, Logibiz Technologies aim to boost your online presence by offering 360-degree solutions related to Online Payments and its Security.
From Online Fraud Prevention solutions to White Label Payment Gateway Platform and complete 3DS testing environment, Logibiz has got your back. Additionally, we also offer consultancy services for all your EMVCo & Card Scheme certification needs.
We provide Free Demo & POC of our products which are certified globally and trusted by leading Financial Institutions worldwide.
Book a Free Consultation Call with our experts to discuss how we can help grow your online payments business.
We provide Tailored Payment Solutions for PSPs, Payment Gateways, Banks and Merchants with a complete range of top-tier payment gateway platforms, robust authentication solutions, and cutting-edge testing tools.
We’ll update you on our upcoming events, newsand publications.
Try our solutions for free! Sign up now and see how we can help you.
Explore our comprehensive services. Download our brochure for detailed information on our offerings and solutions.
The 3DS Server provides a functional interface between the Directory Server (DS) and the 3DS Requestor Environment flows. 3DS Server is responsible for gathering necessary data elements for 3-D Secure messages, authenticating the DS, validating the DS, the 3DS SDK, and the 3DS Requestor, safeguarding the message contents. The 3DS Server also helps to protect the message content while it is being transferred to DS and vice versa.