Why You Need 3-D Secure, Even If You Use a Fraud Prevention Platform

Visa Research has found that up to 72 percent of online shoppers abandon their shopping cart due to security concerns. This statistic shows that payment fraud is a top concern among online consumers, especially when there were 459,297 reports of card fraud in 2020, according to the Federal Trade Commission’s Annual Data Book. Luckily, 3-D Secure is an effective solution to help prevent fraud and false declines. It can even decrease checkout times by 85 percent and reduce cart abandonment by 70 percent. If you’re interested in 3-D Secure, keep reading to discover why this security protocol is an essential layer within your organization’s holistic security approach. 

What Is 3-D Secure? 

3-D Secure (3DS) stands for “Three Domain Secure” and is a security protocol designed to authenticate users. The three domains include the acquiring bank (merchant’s bank), issuing bank (cardholder’s bank), and the interoperability domain that supports the 3-D Secure process. 3DS offers an additional layer of security protection for card-not-present transactions. This protocol was established to enable cardholders to authenticate their identity, which can help prevent the prevalence of payment fraud, hinder unauthorized transactions, and decrease chargebacks. While primarily used in Europe due to the PSD2 SCA requirements, 3-D Secure is also used in countries, such as India, Japan, and South Africa.  

In April 2019, EMVco developed 3-D Secure 2.0, which Visa and Mastercard deployed. 3DS2 was created to address various issues associated with the original 3DS version. For example, the latest security protocol offers less disruptive payment authentication and an improved checkout experience for cardholders. Additionally, 3DS2 uses frictionless authentication for certain low-risk transactions, providing a better payment process for customers.  

Furthermore, in Europe, the new 3-D Secure is considered the primary card authentication method to meet the Strong Customer Authentication (SCA) rules and request SCA exemptions. Since 2019, the SCA has been an active requirement for many European-based online payments, in which customers must use two-factor authentication like 3-D Secure to verify their purchases. Specifically, 3-D Secure enables merchants and payment providers to send additional transaction details to the cardholder’s issuer, such as the cardholder’s device ID, previous transaction history, and shipping addresses. These details can help assess the risk level for transactions, thus determining the authorization response: 

 

  • The transaction is sent through a “frictionless” flow if the issuing bank determines that enough data is provided to verify that the real cardholder is making the purchase and the authentication process is complete without additional authentication steps. 
  • The transaction is sent through a “challenge” flow if the issuing bank determines that additional proof is needed to verify that the real cardholder makes a legitimate purchase. The cardholder must complete other authentication steps, making this scenario a less frictionless process.  

How Does 3-D Secure Work? 

3-D Secure authentication includes three main steps, which involve the three parties mentioned above – the issuer, acquirer, and card network. This security protocol is controlled by software installed on a merchant’s website known as Merchant Plug-In (MPI), which communicates with the card networks to authorize cardholders’ identity. An example of the payment process using 3DS looks like this: 

 

  1. The cardholder orders products or services and then enters their card details at the checkout page.
  2. The merchant’s website requests the card network’s directory server via the MPI. 
  3. Once the payment gateway receives a new transaction request, the Merchant Plug-In is activated. The MPI contacts the card network to determine if the cardholder’s card requires 3DS. If 3DS is supported, the MPI will send the cardholder an authentication pop-up window to verify their identity. 
  4. The cardholder is redirected to the issuer’s website and enters the appropriate information to confirm their identity as the genuine cardholder. The payment gateway’s MPI verifies that: 
    - If the cardholder has not completed the authentication step, the payment is declined. 
    - The payment gateway finishes the authorization process if the cardholder has successfully completed the authentication step. 
  5. After the authentication process is complete, the cardholder is redirected to the merchant’s website. 
  6. The payment gateway sends the authentication results to the merchant’s website, thus allowing the cardholder to complete their online purchase.   

Who Needs 3-D Secure? 

Mastercard requires merchants to use 3-D Secure if they accept Maestro cards in the UK, while Verified by Visa is required for merchants in Italy. As for other countries, it is strongly recommended that these merchants consider implementing 3DS, especially those with high fraud risks. If a merchant refuses to use this security protocol, they may have to pay fines and penalties if they are caught not using additional security measures to authenticate cardholders’ identity. 

With the highest credit card penetration rates, Europe is a forerunner in implementing new security technologies, such as AVS, 3-D Secure, contactless payment, and more. Indeed, UK online consumers have grown accustomed to verifying their identity during checkout processes. If merchants decide not to use 3DS, they increase their chances of being fined due to payment fraud.  

Combat Payment Fraud with TokenEx 

With the rise of card fraud and online shopping, online merchants must prioritize payment security for their customers and businesses. No matter where you are based, 3-D Secure is an effective security solution that can be built into your payment flow. While 3DS may increase the friction regarding the checkout process, the benefits are worth it - preventing card fraud, reducing chargebacks and false declines, improving customer checkout experiences, and shifting the liability from merchants to issuing banks. Contact TokenEx today to learn how 3-D Secure can help your organization achieve PSD2 compliance, improve your payment security process, and seamlessly integrate multi-factor authentication into your existing checkout flow. 

 

Find out how 3-D Secure can help your business. 

 

DISCOVER 3-D SECURE

Topic(s): payments