Written by Galit Michel, VP of Payments
The Regulatory Landscape is Changing
Merchants operating within the European Economic Area (EEA) must comply with PSD2, which means performing strong customer authentication (SCA) on all transactions that don’t qualify for an exemption. The most used technology for enabling SCA is 3DS. Many multinational companies operating worldwide, and US based merchants, already leverage EMV 3DS2. They enjoy the liability shift 3DS2 provides and can therefore approve more transactions.
Many merchants have also recognized that the shift in European payment regulations may eventually extend to other countries. So, preparing for those regulations now will save them time later. For example, the General Data Protection Regulation (GDPR) went into effect throughout Europe in 2018 and inspired the implementation of data privacy laws throughout the U.S. soon after.
Today, most U.S. merchants take a conservative approach to 3DS, but the rollout of 3DS2, and the expected rollout of 3DS2.2 will likely change this. Some policymakers recognise the value of SCA and the advancements of 3DS2. As a result, merchants outside the E.U. will have to adapt their payment ecosystem to offer a more secure authentication method for their consumers.
When these rollouts happen, merchants who have already adapted their infrastructure and incorporated 3DS2 into their checkout process will find adapting to regulatory changes a smoother process. However, there are other benefits to using 3DS2 beyond regulation.
Improving Liability, Increasing Trust, and Increasing Authorization
When it comes to 3DS2, the most advantageous thing for merchants is that it shifts the chargeback liability back to issuers. This means that in the event of fraudulent transactions, merchants will not find themselves out-of-pocket (and out of goods). 3DS2 also enables merchants to increase the trust level of the consumer, increasing authorization and increasing revenue generation.
Digitalization and globalization have boosted eCommerce, making it one of the fastest-growing sectors worldwide — but these things also created an opening for sophisticated fraudsters, putting merchants at risk.
3DS2 is not a fraud prevention solution, but you can use it to provide additional authentication when needed. For example, you would want 3DS if your fraud partner couldn’t guarantee that a transaction is legitimate. By performing 3DS on a questionable transaction, the merchant can validate the consumer before sending the transaction to the bank, reducing false positives and increasing conversion.
If a merchant wants to leverage 3DS2 effectively, they need:
- A payment optimization partner
- 3DS2 incorporated properly into their checkout process
- Automated fraud decisioning
Applying fraud decisioning along with payment optimization decision allows you to apply 3DS2 to the right transactions, which means you can approve more transactions, shift liability to the issuer and maximize conversions.
Not a one-size-fits-all protocol
While 3DS2 can help merchants reduce chargeback liability and risk, increase authorizations and comply with regulations, it is not a one-size-fits-all protocol.
Declined authorization – In the U.S., successful 3DS transactions often get declined during authorization.
This means that the 3DS was successful — and possibly a frictionless 3DS — but the authorization was declined, resulting in a lost transaction and lost revenue for the merchant. US merchants that blindly apply frictionless 3DS, will suffer a conversion loss of up to 10% due to the authorization declines. However, the transaction success rate increases when using smart 3DS, which applies 3DS only in cases where the bank is likely to authorize, creating a frictionless checkout experience.
Failure and abandonment during the 3DS process– On average, 3DS has a failure rate of 30% in Europe and 50% in the U.S.
If a merchant uses 3DS2 on all transactions, they will enjoy the liability shift, and if needed, PSD2 compliance. However, they will also suffer from the familiar downfalls of 3DS on many transactions, which includes increased:
- Authorization declines.
- Abandonment due to friction.
- 3DS failure rates.
- Technical errors due to the multiple authentication and authorization steps 3DS2 requires.
All of these factors lower overall conversions, harming revenue generation and profitability.
To enjoy reduced risk and liability without sacrificing conversion, it is important to know when 3DS will improve the chances of transaction approval, and when the payment ecosystem prefers non-3DS transactions. Unfortunately for merchants, you can’t know these things without advanced payment optimization and smart 3DS solutions.
By adapting the 3DS2 process and routing consumers to the checkout path of least friction based on their risk level and behavior, merchants can provide trusted customers with a frictionless and secure checkout experience while minimizing risk, reducing chargeback liability, increasing conversion, and enhancing the customer experience.
Not a fraud protection solution
While using 3DS2 to authenticate transactions has significant benefits for merchants, fraud protection is not one of them.
Merchants that think they should still use 3DS on all transactions because it will protect their business from fraud need to realize that consumers can still file chargebacks on transactions for which 3DS has been successfully completed. When this happens, banks can report chargebacks as service chargebacks, shifting liability and losses to the merchant. All chargebacks on 3DS transactions are also counted towards the card scheme fraud-to-sale programs, regardless of who the chargeback liability falls on.
This places the merchant at risk of incurring heavy fines. If a merchant has increased fraud traffic, they could see lower authentication rates due to their poor standing with the banks, causing certain institutions to off-board them.
You need more than 3DS2 to prevent fraud
3DS2 shifts liability to issuers, protecting the merchant’s business when a transaction is fraudulent. It also enables retailers to increase authorization rates, making 3DS2 is a trusted friend to a merchant’s business. However, merchants shouldn’t use 3DS2 as a full-time fraud prevention solution. They should find a comprehensive fraud prevention solution that creates a frictionless and enhanced experience throughout the entire customer journey.
Merchants need to find a partner that can apply 3DS2 in a smart way — meaning when users successfully complete transactions through 3DS and banks authorize those transactions. That partner must also recognize when non-3DS transactions will guarantee increased conversions and enhance the customer experience.
When merchants do all of these things, they will know whether 3DS2 is their best friend in enabling true business growth.
Forter is the Trust Platform for digital commerce. We make accurate, instant assessments of trustworthiness across every step of the buying journey. Our ability to isolate fraud and protect consumers is why Nordstrom, Sephora, Instacart, Adobe, Priceline, and other leaders across industries have trusted us to process more than $500 billion in transactions. Click here to learn more.