In the run up to full implementation of 3-D Secure 2.0, a payment standard that aims to curb online fraud and prevent blocking legitimate transactions, merchants and issuers alike will need some convincing the technology will not impede e-commerce and mobile commerce.
That’s the word from Tim M. Sherwin, chief executive of CardinalCommerce, a Mentor, Ohio-based e-commerce services firm. Sherwin, a cofounder of the company, followed founder Michael A. Kereseman in that role beginning Feb. 1, when Visa Inc. purchased the firm.
EMVCo, the chip card standards body owned by the world’s six leading payment card networks, released 3-D Secure 2.0 in October. Visa originally shared the 3-D Secure 1.0 technology it developed, but handed off responsibility for future iterations to EMVCo in 2015.
The new version uses more data fields to capture information that is shared between the merchant and issuer behind the scenes to gauge the authenticity of transactions. The expectation is for a smoother transaction assessment that is not disruptive to the checkout process.
Many merchants are looking forward to the new data elements in 3-D Secure 2.0. Forty-six percent of them cited the additional data elements in messaging to enhance decisions as the most important new feature in the protocol, CardinalCommerce found in its annual survey, “Use of Consumer Authentication in eCommerce,” released in March.
Persuading merchants to adopt 3-D Secure 2.0 will take some effort because many were put off by the earlier version, which took consumers away from the merchant’s checkout page to the issuer’s verification page.
The need for improved card-not-present transaction fraud detection is there, Sherwin says. Fraud is growing faster than e-commerce, and there is a disparity in the approval rate for card-present transactions relative to online transactions. This shows that false declines—when legitimate online transactions are tagged as fraudulent—are a larger problem for online merchants, he says.
“When you decline a good customer, the impact is probably worse than fraud in the long run,” Sherwin tells Digital Transactions News.
Unlike 3-D Secure 1.0, the new version can provide merchants with more control over which transactions are designated for further review. For example, when an issuer’s review of a transaction calls for further authentication from the consumer, the merchant can say it is more confident in the validity of the transaction, Sherwin says. The situation might be that the consumer is in a location the issuer has not recorded before, but the consumer may have performed transactions with the merchant from that location.
If there is a challenge to the transaction, the issuer could send the consumer a one-time code to enter on the checkout page. Once that is input, the merchant, in the background and without its customer having to leave the checkout page, will forward that code for the issuer to verify, Sherwin says.
“The big thing is getting past the legacy perception and understanding the differences,” Sherwin says. “Everybody knows fraud is a problem. The false declines are a problem.”
Issuers, too, will need incentives to adopt 3-D Secure 2.0. Vendors that provide the access-control server function, which is used to verify a card number’s enrollment in 3-D Secure and perform the authentication, are updating their systems, Sherwin says. Those issuers that delay adoption may find the liability for fraudulent transactions shifted to them for merchants that are 3-D Secure 2.0 compliant, he says.
All in all, adoption by merchants and issuers is essential. “They need to work together and collaborate together,” Sherwin says.