Peter Caiazzi, Managing Director of TAS USA was commuting by train to a remote office for three years. He would purchase his train ticket, not at the station, but online – totaling up to around 100 transactions per year. Enrolled in 3D Secure with his card issuer, he was required to enter a password to pay for the transaction, but he often forgot his password and sometimes had to use a different card. This was life with 3D Secure 1.0.
What is 3D Secure?
You may have heard the term 3D Secure often abbreviated as 3DS but what is it and why is it important? Launched by Visa in 2001, 3D Secure is a security protocol designed to protect online card-not-present (CNP) transactions. Ennio Ponzetto, Chief Revenue Officer of TAS USA tells us that customers were asked through a web page from their issuing bank to enroll in 3DS 1.0 and set a static password as a security measure to authenticate the transaction. It turns out that expecting customers to add yet another password to their memory led to increased rates of cart abandonment, which is bad for merchants. For this reason, 3DS 1.0 merchant adoption rate was low, ultimately increasing risk for fraudulent transactions. As Peter explains from the merchant perspective, “there was a need to…reduce the shopping cart abandonment while improving the overall customer experience and security.” Meet the new version of 3DS.
3D Secure 2.0 is Good for Customer Experience
3DS 2.0 will expand the protocol to mobile commerce including wearables, in-app purchases and digital wallet transactions in addition to online commerce. More opportunities to purchase means happier consumers. Ennio also tells us that the aptly termed “frictionless” payments inherent in the new 3D Secure 2.0 technology will mean less waiting time, fewer steps, and lower strain on the customer. But how does “frictionless” translate to these features?
3DS 2.0 brings the promise of machine learning algorithms to better risk assessment. The new algorithms allow for a seamless data exchange across the three domains (merchant/acquirer, issuer, and interoperability). Furthermore, 3DS 2.0 utilizes machine learning and has 10 times more assessment data points than its predecessor, allowing for a more robust risk-based authentication. This means that with 3DS 2.0, Peter’s repeated purchase of his train ticket online would be marked as low-risk by his merchant and his issuing bank, which translates to a faster, easier, and more secure payment.
3D Secure 2.0 will help Merchants and Acquirers
3DS 2.0 is going to have significant impact for merchants and acquirers. Ennio reports that 3DS 2.0 has reduced checkout times by 85% and cart abandonment by 70%, respectively. Less cart abandonment means more opportunities for sales conversions. He also says that 3DS 2.0 reduces transaction costs, increases authorization rate, and shifts liability from the merchant. Furthermore, he says that 3DS 2.0 will reduce false-positives triggered by fraud prevention software, which means less lost revenue due to negative customer experience.
3D Secure 2.0 reduces customer service cost for Issuers
Issuers have much to gain from 3DS 2.0. Issuers want their cards to be used by customers—they want to be ‘top of the wallet.’ Peter says that 3DS 2.0 “should reduce customer service costs with 85% fewer inbound calls relating to password resets compared to the number of calls they would have had with version one of the protocol.” Reducing customer service calls will save time and money for the issuer and most importantly—keep the customer happy.
Security
Peter hopes that 3D Secure 2.0 will have a similar effect for CNP transactions as EMV chip technology has had for reducing card present (CP) fraud, noting that Visa reported an 82% reduction in CP fraud with the integration of EMV technology. Important to the protocol is that it creates a shifting liability for fraudulent transactions across the three domains: merchant/acquirer domain, issuer domain, and interoperability domain (e.g. Payment Networks).
3D Secure 2.0 is the answer to PSD2 compliance
The coming payment service directive, known as PSD2, is another reason why issuers should adopt the latest version of 3DS, according to Peter. The Strong Customer Authentication (SCA) regulation will be introduced in Europe on September 14, 2019. The SCA requires that the customer provide at least two independent authentication elements out of the following: something the customer knows (e.g., password security question), something the customer has (e.g., phone), something the customer is (e.g., biometric fingerprint). The issuer will invoke a challenge to the customer based on one of these three authentication elements which will satisfy PSD2 compliance. Such challenges should only be issued to customers for a risky transaction, as online transactions can be exempt from this process by utilizing behind-the-scenes 3DS 2.0 risk analysis. Peter tells us that according to the signature networks, up to 95% of online transactions could be deemed to be of low risk.
Only issuers and acquirers can apply for an exemption. Merchants must agree to share the liability risk, but this is offset by increased volumes and lower abandonment rate. Merchants can encourage customers to whitelist them to their issuer as such whitelisted merchants will be exempt from the 3D secure protocol after the first purchase.
Large multinational corporations will drive adoption in the US
How will 3DS 2.0 impact the US? Ennio believes that large multinational corporations in the US with European customers will drive adoption of 3DS 2.0 when they see its success in Europe. Non-compliant issuing banks will be liable for fraudulent activity when large merchants make the switch, which will further drive adoption in the US.
Conclusion
3DS 2.0 seems like the logical next step in the evolution of the 3DS protocol. It aims to tackle the problem of cart abandonment by providing a better customer experience while saving money for the merchant by reducing false-positives from fraud software, reducing transaction costs, increasing authorization rate, and shifting liability. From the issuer perspective, 3DS 2.0 will reduce customer service costs as static passwords become less relevant to authentication. On the customer side, 3DS 2.0 will allow for more ways to pay while the frictionless payments feature will make those payments easier and more secure. It seems like 3DS 2.0 is a win win win.
To learn more about 3D Secure 2.0 and how it can enable fast, frictionless Payments, download TAS Group’s handy guide
Subscribe to our podcast via: