With the massive increase in e-commerce this year, and new merchants moving to an online model out of necessity, combating card-not-present fraud is incredibly important.
EMV 3-D Secure 1.0 (or 3DS1) has been continually upgraded as technology and consumer habits changed; however, from its first iteration it has always had issues.
It was created well before we all had smartphones, and consumer habits were strikingly different when it was conceived. Basically, it wasn’t a great user experience, and created friction at checkout. This led to shopping cart abandonment, directly impacting sales revenue. At the heart of these issues was a basic problem of performing user authentication, where more data is needed to ensure a purchase is safe, without disturbing the consumer.
3DS2 (officially referred to as EMV 3DS) addresses these shortfalls, and has been designed specifically for remote commerce transactions—both those currently utilized in the payments industry, and those anticipated to be more common in the future. By enabling the exchange of greater contextual data between the issuer, the merchant, and the cardholder’s bank, 3DS2 reduces fraud, including fraudulent chargebacks, without creating friction at checkout. All of this happens in real time via risk-based authentication methods.
Solving these issues continues to be vital as credit card fraud has increased alongside e-commerce. In 2018, Mastercard’s data shows that 28% of the 400 billion worldwide online transactions were high-risk, meaning whether or not they were fraud couldn’t be verified. At this point, card-not-present fraud costs merchants around $20 billion each year, with each $1 of fraud costing an average of $3.27, according to LexisNexis’ 2018 True Cost of Fraud report.
In addition to this, the checkout conversion index reports that $200 billion of sales are lost each year in the U.S. due to friction at checkout. In an effort to mitigate friction, 3DS2 utilizes risk-based authentication to verify cardholders in a frictionless manner. According to Visa, 95% of transactions authenticated with 3DS2 are frictionless and provide merchants with a chargeback liability shift.
The initial data on the ability of 3DS2’s fraud-prevention tools to counter fraud, although limited, is extremely positive. Mastercard estimates that digital fraud is lowered about 12 basis points when transactions are fully authenticated.
Early data provided by Visa also suggests an uptick in authorization rates of 8% when compared to 3DS1, with Mastercard reporting an increase of 10%. This is due to additional data provided to the issuer. More information allows issuers to make better-informed decisions, which increases the authorization rate by feeding the issuer’s neural networks with this additional data, ultimately resulting in fewer false negatives (declining good transactions) and identifying bad transactions.
On their own, the above benefits make 3DS2 nearly essential for merchants. Equally as important, effective October 17, 2021, fraud-liability protection for merchants submitting transactions using Visa Secure with 3-D Secure (3DS) 1.0.2 will no longer apply. For their part, issuers in the U.S. are required to upgrade to 3DS2 on August 31, 2020; if issuers don’t comply, there will be an automatic liability shift.
What does that mean? It means merchants, processors, and gateways will need to have 3DS2 implemented to take advantage of the chargeback liability shift to the issuing bank. While not a legal requirement, parties within the payments ecosystem need to begin to utilize 3DS2 as soon as possible to benefit from this systemic improvement. This major merchant benefit will only be realized as merchants push their suppliers to support 3DS version 2.0.
To say it simply, merchants that rely on e-commerce as part of their business should be looking for a 3DS2 solution today. Its solutions will reduce friendly fraud and shopping-cart abandonment, while increasing authorization rates.
Yitz Mendlowitz is the chief executive and co-founder of PAAY LLC, New York, NY.