M-commerce, also known as mobile commerce, refers to the process of purchasing and selling goods and services through wireless devices like smartphones and tablets. It is a type of electronic commerce that allows users to access online shopping websites without requiring a desktop computer.
Mobile commerce is quickly growing. In global eCommerce transactions, mobile commerce has been growing from 40.2 percent in terms of the value of transactions in 2015 to 58.9 percent only two years after in the year 2017. All this is happening as eCommerce itself is growing as a market. In addition, in some areas where mobile device adoption is high, a significant portion of transactions made on eCommerce is done through mobile devices. This can be up to 49 percent in the case of Japan.
Mobile Commerce Boom
Along with the explosive increase in mobile and online purchasing, credit card fraud is also in the ascendancy. Credit card fraud in the world has been increasing each year from $7.60 million USD back in the year 2010 to $24.71 billion USD in 2016 and is expected to increase up to $32.82 billion USD by the year 2019. What is the best way to help the payment industry protect itself from using credit cards for fraud?
3D Secure Technology
3D Secure is a security technology that was developed to help reduce card-not-present fraudulent transactions (CNP fraud). It was initially introduced by Visa in 2001 and it was later adopted by other major brands of cards. It is currently operated under “EMVCo”, a consortium owned equally by large card manufacturers American Express, Discover, JCB, Mastercard, UnionPay, and Visa, and is the only legitimate fraud prevention program that is used by major brands of cards.
The method has been successful throughout its purpose of design: to stop fraudsters from making use of credit cards belonging to others. As technology advanced and became the norm of personal-connected devices it became evident that the protocol had a major defect. 3D Secure 1 is not compatible with phones with small screens, and neither are the eCommerce apps that users buy from.
If a customer is authenticated as a person in the process of authenticating their identity, the 3D Secure protocol will authenticate the identity of the customer. 3D Secure protocol would redirect the user to a web page that will prompt them to fill in the 3D Secure password. Some examples of these sites can be found below. But, these websites will generally not be compatible with mobile devices that have smaller screens and would appear in a small text area in the middle of the page.
Additionally, some customers might use a merchant’s mobile app to initiate the checkout process, however, the app would then switch to a browser application to authenticate. This unexpected and sudden operation by the system has often led to doubts regarding the validity of the checkout procedure.
In the event that an unusual-looking website such as that above one appears, the cardholder may not realize that this is an authentication site and might be thinking “What is this for?”, “Why do I have to do this?”. Additionally, they might think the website is suspicious and think it’s an online phishing site and that’s exactly the kind of thing 3D Secure is trying to stop.
The most likely scenario is when the cardholder is of the opinion that the extra authentication is too complicated and so they simply stop the entire purchase. This can be described by the term “cart abandonment”, and is an inexplicably bad method of reducing the sales of any retailer. Overall it is evident the fact that 3D Secure 1 was hard to utilize on mobile devices for cardholders. It also had a negative effect on merchants.
To update the outdated 3D Secure protocol, in the last quarter of 2017 EMVCo published the specifications of major upgrades, fittingly called ” 3D Secure 2″. The latest version of 3D Secure has numerous issues with the previous protocol that were addressed or improved and new features were added to accommodate the latest technologies. One of the major problems addressed was the absence of support for mobile phones and the applications they run.
3D Secure 2
3D Secure 2 has a new look. 3D Secure 2, the authentication interface for mobile devices has been greatly improved. It is now able to scale better for smaller screens that are found on mobile devices and it also includes a newly added “mobile SDK” component to the protocol.
With the addition of the ” mobile SDK” merchants are now in a position to integrate authentication capabilities within their own apps. This means that authentication can be done within the merchant app instead of having to go to the browser. Additionally, merchants can show a 3D Secure authentication interface using the same design, color scheme, and overall UI design language that they use for other components of their application. The awkward, small text box was always odd.
The new protocol goes things a step further and includes biometric authentication support. For instance, fingerprint scanners on tablets and smartphones which are typically used to unlock devices are now also able to verify the identity of the cardholder at the checkout process.
Voice recognition and facial recognition technologies included in a variety of smartphones these days are also able to be utilized similarly. This means that cardholders do not have to keep track of (or more importantly, reuse) passwords to access 3D Secure. Biometrics and biological characteristics of you can be your passwords. This brings an accelerated and smoother user experience to mobile commerce.
In reality, authentication could be much faster than simply placing your finger on the scanner for fingerprints. A brand new authentication process called “frictionless flow” is added to the 3D Secure 2 protocol, which means you don’t have to verify yourself manually. The way it works is that when the bank issuing the card determines the risk of fraud associated with the transaction to be less than the threshold set and then “frictionless flow” will be used.
The authentication process is performed instantly without needing to take any action while the checkout screen will be able to jump from the payment information to the complete checkout. All data-related messaging and analysis performed by the issuer are done in the background, and, as far as cardholders are aware they don’t know that authentication has occurred. In the end, authentication can be accomplished in less than 3 seconds.
Frictionless flow is a key advantage that comes with 3D Secure 2 and merits its own article. For more information on the frictionless flow feature, 3DSecure2 is a great source of details. Whitepaper by Logibiztech also describes the concept of frictionless flow in a thorough but simple to comprehend way.
With the introduction of 3D Secure 2, cardholders are certain that their credit card will be exclusively used by cardholders themselves. When they purchase online with mobile devices their overall shopping, as well as checkout experiences, are dramatically enhanced. For more information about 3D Secure 2, have the time to read Logibiztech‘s additional whitepapers and articles. If you have any concerns about the new protocol, please feel free to reach out to us.