By Jeff Hallenbeck, Head of Payments
At Forter, we aim to help digital commerce companies build trust across the entire customer journey, including the payment process. If your job involves managing payment options and processes, you might consider 3D Secure (3DS) for authenticating card-not-present (CNP) transactions.
Perhaps your company already uses this protocol for authentication, but too many of your customers have experienced unwanted friction at checkout, causing them to abandon their transactions. Applying strong authentication doesn’t have to cause friction for every customer. In fact, 3DS has features that can benefit your customers and your business — but those benefits depend on how you apply the protocol.
Why Should You Consider Using 3DS?
If you apply 3DS to transactions intelligently, you can maximize its benefits, which include:
- Shift fraud liability from your company to the issuing bank: For most transactions, 3DS shifts the fraud liability from digital commerce platforms to card-issuing banks. This means when you initiate 3DS, and the issuer authenticates the transaction (they can do this seamlessly or by asking the customer to authenticate via 2-factor authentication), the issuer is liable for any disputes filed due to fraud. When this happens, merchants won’t have to absorb the costs of fraudulent transactions, including the cost of receiving and representing a chargeback.
- Enable frictionless authentication for good customers: 3DS lets you share more information with the card-issuing bank for a transaction. The issuer uses that additional data to assess the risk and decide if a trusted customer can proceed without validating their identity. No validation requirement means the customer gets a frictionless authentication experience, and the merchant gets the added benefit of chargeback protection via the fraud liability shift. Forter sees 65% of 3DS requests in the U.S. authenticated without the need for additional 2-factor security challenges.
- Provide a better user experience across devices: 3DS’s design allows you to make the authentication process look and feel consistent with your mobile app or website, giving customers a seamless and user-friendly experience. It provides an enhanced authentication experience that works well on mobile devices and is compatible with in-app transactions, mobile wallets, and e-wallets.
- Comply with global payment regulations: Companies operating within the European Economic Area (EEA) have been complying with PSD2 regulation for several years now. This E.U. legislation requires strong customer authentication (SCA), which many companies have implemented using 3DS. The E.U. isn’t the only region that requires SCA — India, Australia, Japan, and the U.K. (post-Brexit) also have versions of the regulation in place as well. If your company plans to expand its digital commerce business internationally, having already implemented 3DS will make that expansion significantly easier.
These benefits can help you achieve your business objectives — from reducing the number of chargeback claims and overall fraud costs to maximizing payment acceptance and expanding the business internationally. However, you must implement and apply the technology strategically to maximize 3DS’s benefits.
3DS Best Practices
You can get more out of 3DS if you follow these best practices:
1) Leverage 3DS to approve riskier transactions
Some companies use a blanket approach to 3DS, applying it to all payment transactions. This strategy introduces unwanted friction to every customer regardless of their identity and level of risk. Our Trust Premium Report research found that 77% of good consumers will abandon a purchase if the checkout experience is filled with friction.
We recommend that online platforms apply 3DS to high-risk transactions that warrant the need for additional authentication. This strategy allows you to provide a hassle-free experience for good customers while ensuring you can allow the most possible transactions through your conversion funnel without increasing fraud risk.
2) Implement a frictionless 3DS model for less risky transactions
When you apply 3DS to a payment transaction, the card-issuing bank decides whether the customer can proceed without additional authentication required. Every bank treats 3DS differently. Some banks prefer transactions that use 3DS, while others actively penalize transactions (via reduced authorization rates) that use it too heavily. Also, each issuer’s risk appetite varies, as does how they interpret the authentication data being sent to them by merchants.
Digital commerce companies should implement a frictionless 3DS model for less risky transactions. This model determines if a transaction should use frictionless authentication based on the card-issuer’s expected behavior, ensuring that authorization rates remain high while maximizing the amount of fraud liability shift that can be achieved. Your goal should be to learn which flows will balance risk and authorization rates, incorporating a smart and continuous testing strategy into your model. An effective model can help you maintain a seamless customer experience while driving down your exposure to fraud via liability shift.
3) Always consider the identity behind every transaction
Some online businesses wrongly assume that those who fail to complete a step-up verification flow are always fraudsters. However, many legitimate customers struggle when presented with step-up authentication, not understanding how it works and what they must do to complete verification. Consumers in the EEA have become accustomed to strong customer authentication. But despite its familiarity, an alarming 19%, 20%, and 25% of 3DS attempts fail in the U.K., Germany, and Italy, respectively.
Digital commerce companies should always consider a customer’s identity and past behavior when applying 3DS to a transaction. By examining their identity, they can deliver a more effortless payment experience while protecting the business from fraud.
The more payments professionals can tailor their approach to using 3DS, the greater their success will be in leveraging this potentially powerful tool to ensure an uplift in approvals and customer experience — without increasing the risk of false declines. To learn more about Forter’s intelligent approach to 3DS, click here.
Jeff Hallenbeck currently serves as the Global Head of Payments for Forter, where he is focused on building unique payment products and partnerships on behalf of Forter customers with a goal of connecting the right data points with issuing banks to maximize approvals and eliminate fraud from the ecosystem.