The shift in retail spending from in-store to e-commerce is forecasted to continue this year, with double-digit growth expected, even while modest gains are projected for holiday shopping overall. Ecommerce merchants continue to look for ways to stem increases in credit/debit card fraud, since merchants bear full liability for all fraud whenever the card is not present as part of the transaction. Merchants have a variety of tools that they use to combat card fraud, address verification (AVS) and card verification value (CVV2). With AVS, the merchant sends the billing address provided by the cardholder along with the usual authorization request, and the card issuing bank provides a range of responses that indicate the match quality of the data provided. Merchants are not prohibited from shipping orders with a non-matching AVS, but the majority of merchants do not. The CVV2 code is the 3-digit code printed near the signature panel on the back of the card (4 digits for American Express), and is another piece of data that the merchant can send in with the authorization request. The CVV2 is different from the CVV contained on the chip or strip of the card, and is only printed on the card itelsef, so having that code is taken as good evidence that the cardholder has the card in their possession while making the online purchase. Neither of these tools fully protect merchants, however, and merchants remain liable for card fraud even if using these procedures.
The best tool available to merchants is the 3D secure technology, originally launched a few years ago under the brand Verified by Visa. Merchants using 3D Secure include the 3DS indicator flag with their authorization request, which tells the card issuer to deliver a pop-up to the cardholder requesting their pre-registered password. This authentication has proven so reliable in thwarting ecommerce fraud, that card brand rules provide for a liability shift to the car issuer, insulating merchants from chargeback losses. Despite its effectiveness, merchants have been slow to adopt this technology because the redirect adds friction to the checkout process. Cardholders also need to pre-establish their 3DS password with their card issuer.
Leading merchant gateway provider Cardknox now announces the launch of 3d Secure 2.0, which promises to smooth some of the friction with the current 3DS technology and enable more merchants to take advantage of the technology. 3DS 2.0 passes additional data back to the card issuer to help them validate legitimate consumer behavior, and authorize the sale without needing the cardholder’s password. The card issuer still reserves the right to ask the cardholder for their password for validation, but overall the new technology is expected to significantly reduce friction and increase merchant adoption.
“Online fraud and chargebacks hurt the e-commerce merchant ecosystem,” says Mark Paley, VP of Sales at Cardknox. “With support for 3DS2, merchants can reduce their liability for fraud while providing a more seamless, frictionless checkout experience for their customers.”
Read the full article from Helpnetsecurity here
Look for other gateways to implement 3DS 2.0 and for more merchants to incorporate the technology in their checkout processes this holiday season.