On today’s episode, Ryan McEndarfer, Editor-In-Chief at PaymentsJournal, is going to be talking with Michael Francis Roche, who is the VP of Global Fraud Products at Elavon about 3DS 2.0. One thing that’s going to be particularly interesting about this conversation is the way that Elavon is going to be using A.I. in combination with 3DS 2.0.
Ryan:
So Michael, if you could, could you please walk me through Elavon’s position on 3DS 2.0?
Michael:
Yes, sure. Pleasure to talk to you about that. Elavon I think is pretty unique in the space as an acquirer because we have decided to make a large investment in 3DS 2.0. The reason being is, you know, we saw the effect of chip and PIN within the United States, and how it improves our merchants business. And we recognize that 3DS 2.0 is going to be the online equivalent of that. And, you know, Elavon is fairly new to the eCommerce space. We focus on specific verticals. It’s very important for us to be able to provide our customers, just like a chip and PIN solution or terminal solution that online virtual terminal, that allows for EMV and that’s kind of where we see EMV 3DS. We have plans to roll this out on a massive scale, depending on the performance, and the way that we’re doing is kind of unique in how we’re going to be staggering that. But our position is that 3DS 2.0 is EMV’s online equivalent. It’s going to be the status quo. Just like all things are that we see company will become which we actively participate in. (unintelligible) So, that’s our position, and we are, you know, we are pushing our chips in on it, and, which is why we made the investment to kind of build it from the ground up and become our own full service EMV 3DS vendor.
Ryan:
Excellent. Now if we could here, take a little bit kind of a back look at history there. So, 3DS 1.0 really wasn’t that big of a hit with merchants, unfortunately. But what will really be different about this new updated version and, in your opinion, who from the payments industry is key to seeing the success of this updated 3DS version be successful?
Michael:
Yeah. So, what’s fortunate about working at Elavon is that we work hand in hand with our Issuing Group and we see the players. What really matters is that our issuers adopt the program. So, you know, there’s so many problems with 3DS 1.0 and I had worked on it for years until I came to the acquiring space. I really didn’t take a look at it from a full, the full scope of things and now we’re kind of looking at it from a full circle. So, the problems with 1.0 everybody knows what they are, but the main problem was the consumer experience and abandonment at the shopping cart… and the way that it was implemented. Which, in hindsight, looking at it, you know, there are authorization degradation problems with it. But certainly with issuers who do not participate in 3DS 1.0. With 2.0 what we’re seeing is the ability to notice, and we know this because we’re working hand in hand with our issuer is the ability to adjust that new data into their fraud screening models. And, you know, we’re doing it too on the acquirer side. But, once we get all the issuers and the ones that are most important onboard, and they allow it to evolve because all things at banks take time. You know, things don’t turn over overnight at a FinTech company. There’s going to be time that the issuers need to get comfortable with it. They need to be able to port the data that’s coming in authentication into there are fraud models. Exactly like what Elavon. We’re using authentication, just in one component, but we’re also putting them into an overall A.I. platform.
So, and we’re using that to stop fraud at the processing level. So, that’s what’s important. What’s really important is that issuers adopt it, number one, and when the issuers adopt (the practice), the consumers will embrace it…and they will appreciate it because we will stop fraud, that’s what it will do. People will see that their card, you know, I lose my credit card or today or the fear of getting my card getting counterfeited because of chip and PIN, especially my debit card, which has a PIN associated with it. Once the issuers embrace it, the consumers will embrace it and once people will start to see that, hey, you know, my credit card information online, people who experience fraudulent chargebacks will appreciate the fact that their transactions are more secure with merchants and issuers.
Ryan:
And so, obviously, you know, that question really kind of geared towards just everybody in the payments industry and what it is that they need to do to see the success of 3D Secure 2.0. But let’s put a finer point on this and I think you kind of briefly touched upon it, but I really want to dive a little bit deeper into what is Elavon doing to ensure that this update is successful?
Michael:
Yeah, so the first thing that we are doing is we are heavily monitoring it. We’re not going into it blind. Our main focus is stopping fraud and increasing authorization rates. We are ensuring that what we’re bringing 3D Secure 2.0 to the market, we’re going to be bringing a story to market, which says, look, this will increase your ability to accept more transactions. This will allow you to collaborate with issuers, who are also doing 2.0 so you can exchange information prior to the authorization. The other way that we’re doing this too is we’re building it from the ground up within our own environment. I think that’s something that’s really important because by building it from the ground up from our own environment, we’re able to innovate on top of it and do some really cool things with the results it produces.
So one of the things that we’re going to be doing is we’re plugging it into a full-blown A.I. platform. And that A.I. platform allows us to, number one, make sure that we’re doing 3D Secure 2.0 in the right time in the right place (prior to authorization), but also number two, we’re heavily monitoring issuer authorization. If issuers are using 2.0 and are not effectively stopping fraud…the value we’re creating for our merchants is not (just) on the liability shift. It’s 100% on the authorization rate increases and the ability to stop actual fraud. Just because merchants aren’t assuming liability, we know when a fraudulent chargeback gets reported. We get all that information to us. And if we start to see issuers, who are not authorizing more transactions and issuers who are not using 2.0 to stop fraud from happening, and they’re not catching it, we need to do something about that, because one of our mantras is, we always do the right thing. And the right thing for us is to make sure that 3D Secure is being deployed in a safe environment and that it also, it’s being done in a way that’s totally effective in order to stop fraudulent chargebacks and also increase authorization. Which is why we’ve made the investment to kind of build this from the ground up because if we didn’t, we wouldn’t be able to plug it into this new A.I. platform that we’re running. A.I. is very important for everything that we’re doing here at Elavon.
So, another thing to point out on why we are unique is because we are backed by a super-regional bank and using A.I. and using our data footprint, we’re working and communicating and sharing data with all portions of our business and including the issuer space. So, what makes us unique is that we’re looking at data from a macro level, so not just on the acquirer side but also the issuer side.
Ryan:
Now I’m glad that you brought up A.I., because obviously that’s a very popular topic in the payments industry so I’m curious how it is that Elavon is going to be implementing A.I. with this new 3D Secure 2.0?
Michael:
We’re implementing a new approach to authentication and 3D Secure and fraud. We’ve actually filed patents on this too as well. But what we’re calling it is A.I. based 3DS. And what’s important about this is that (it) allows us to look at a transaction on a multi-dimensional level. So A.I. is very powerful, very effective within the fraud space, and it does a very good job of managing the risk on transactions (9:19), or looking for anomalies, behavioral analytics people call it. But what about the behavioral analytics of the 3D Secure environment? So we looked at and we’re scratching our heads like, why don’t we use A.I. in order to do a better job with 3D Secure? So how do we look at a transaction? We look at a transaction (and are able to see how the) customer comes in on the device and (ask) what device do they have? Is this a device that we recognize? Number 2, what’s their payment information? Who’s their preferred financial, who are they paying with? We know all that. And also, too as well we want to take it to the next level. Does this person…is this person going to be challenged by the issuer? So we’re using A.I. to say, what’s the consumer experience going to be like with authentication? 2.0 is supposed to be entirely seamless.
But in the case of challenges, let’s look at their bank now let’s not just look at the person let’s look at your financial institution and how they operate from the 3D Secure ecosystem. So, does this bank do a good job with 3D Secure? Does fraud happen? When they see a transaction they say, it’s low risk I don’t want to challenge, does that end up being a fraudulent chargeback? How well of a job to do with that? How many transactions are they challenging? So we’re using A.I. to answer a lot of questions about our business. The best question that we’re answering right now happen to be about fraud and also authentication which is 3D Secure. So we’re using A.I. in a totally different way, and we’re calling it A.I. based 3DS for now. But it’s a way that we leverage one of our largest investments over here at Elavon in order to improve the ecosystem.
First and foremost, you know we are an acquirer. Our job is to get transactions completed; the right transactions. And so we’re using A.I., in order to look at…are people authorizing more transactions that come from 3D Secure. So, we’re looking at on a multi-dimensional level, and also to as well we’re trying to predict the consumer experience. What’s it going to be like? And A.I…it’s very effective at doing that. We built a whole army of models that are going to be able to take a look at transactions, at that type of level above and beyond just guessing the risk. What’s the riskiest transaction? What’s the risk on a good customer having a bad customer experience?
Ryan:
I certainly think it’s good to hear that you’re building it from the foundation up, you know, having programming experience you know on my end here…it does just make things so much easier when you build things from the foundation up because you’re at an intimate level; you are extremely familiar with everything that’s going on. You understand every single line of code, mainly in my cases because I wrote it. So, I understand what it means and so it’s like it is that security and knowledge that comes with building it from the foundation up. That is really awesome.
Michael:
Yeah, one thing I want to point out, and you brought up is very interesting. You know, Elavon, by building it from the ground up has become a 3D Secure acquirer. The knowledge base that we’ve extended through the entire organization — you know on how it works just from a development standpoint – We endeared to 3DS 2.0 and also the other EMV protocols along with all things that we’re doing with A.I., and it’s a tough pill to swallow to do it, but once you make that decision, and you go that route where you’re going to build it from the ground up it makes it all worthwhile.
Ryan:
Yeah, I think it’s definitely one of those, it’s you can play the long or the short game type of thing and when you’re developing it from the ground up, you’re playing that long game you know, there’s certainly a lot of development upfront that you have to do because you’re doing it all from the ground up and it’s not a simple okay, plugin this, plugin that, plugin that, and okay there we go we’ve got a foundation core here really is just that but it is the long game though realistically that’s being played here. Now, if I could, if we could move on to the, requirement aspect that’s going to be going on here. So 3DS 2.0 is going to be a requirement of PSD2. And given that Europe is mandating PSD2 before the US and I believe in September of 2019, you know, do you believe that merchants doing business with Europe that are in the US will rush to implement this update or wait till it’s required in the US?
Michael:
No, we are seeing all of our merchants and you know Elavon is a very large part of the market share within specific verticals which just happened to be, you know, global; lodging, hotels, and airlines. So our customers are actively implementing right now in order to meet that requirement. What’s kind of just came out recently, Visa just moved the program activation to 2020 for the US. But, you know, still our merchants are still implementing 3DS 2.0 in order to hit the PSD2 requirements. But what it’s causing is a lot of people to take a closer look at it even though the programs are new. So what we’re seeing – and this is an interesting trend — is that we have merchants that are implementing for PSD2 but then now are warming up to rolling it out within the United States, and globally. So it’s an excellent wedge into it. It’s causing a lot of anxiety in the industry right now, but I think it’s just a part of the growing pains. Europe always does a good job of kind of going above and beyond as it relates to security and I just think is another way that it’s kind of done that but overall it’s going to make the ecosystem so much better.
Ryan:
Now and I’m glad that you kind of brought up like the little bit of anxiety there because it’s really kind of leads into my next question of just kind of, you know, unfortunately, updating anything is just not as easy as saying hey! Let’s update it…we flip a switch and it happens. So from your point of view, what (specification) of 3DS 2.0 is really the most difficult to implement?
Michael:
We’re actually on version 2.1, and we are upgrading to 2.2 right now. So I think the thing that’s causing us, anxiety, especially with implementing 3DS 2.0, has to do with certain use cases where you know merchants are doing transactions on behalf of another party kind of in a marketplace model. And there’s, you know, each card brand is just a little bit different. They’re not entirely different but they’re just a little bit different. And so, you know, the 3RI components of it and merchant whitelisting is difficult and 3RI means you have to get unique values for each subsequent transaction that goes through a marketplace. A little bit too technical for you but there’s use cases that go back and forth and EMVco has done an amazing job of documenting and putting together this whole thing on 3DS 2.0. Kudos to them. But no matter what you do in this space there’s always going to be a use case that’s just going to throw everybody for a loop. So 3D Secure on transactions where customers aren’t the merchant of record is something that’s kind of throwing our merchants in a couple different directions and we’re trying to solve for it. But yeah, I think if you dig into the spec, those are the use cases where you have to run 3D Secure on multiple instances across multiple customers. Then authorize – using the unique values which is something that we’re having fun with right now.
Ryan:
Well thank you Michael for taking the time today for speaking to us about 3DS 2.0 and I hope to have you back on the podcast real soon.
Michael:
Thank you so much.