Online shopping has drastically changed the way consumers access goods across the world. Today, the number of connected devices is in the billions. Most of these consumers are making purchases through mobile apps, browsers, or digital wallets. In 2017 alone, over $37 billion total global sales came from in-app purchases. Industry research shows that nearly half of all digital transactions that decline due to suspected fraud are actually legitimate purchases. With the increase in internet payments worldwide, fraud protection has become one of the more challenging aspects of taking secure payments while safeguarding consumer credit card information and ensuring legitimate payment success for businesses.
It is, for this reason, 3D Secure was created and then adopted by the Visa, MasterCard, American Express, along with the other card brands. 3D Secure (or Three-Domain Secure) is a security protocol designed to reduce the ability for fraud during online or “card not present” transactions. It is an industry standard protocol that requires transactions for online shopping to be authenticated by the cardholders during checkout. The goal of 3D Secure is to protect a consumer’s card information against fraudulent use via cardholder/acquirer authentication in situations where it is harder to determine the identity of a cardholder. Currently, the card brands use 3D Secure under their respective brand flagships: MasterCard is called MasterCard SecureCode, Visa’s version is called Verified by Visa, American Express has American Express SafeKey, and Discover has ProtectBuy.
Better Protection, Better Experience
While 3D Secure made the internet shopping process a much safer option for the consumer, it had a tendency to add friction to the shopping experience. It quickly proved to raise the rate of shopping cart abandonment during the checkout process – this being a major issue for online retailers. This is why 3D Secure 2.0 (or 3DS2) was born. 3D Secure 2.0 not only addresses all the issues experienced with version 1.0, but it also touts one of the most frictionless and secure ways to authenticate card data at the point of checkout. This version of the protocol was designed with four features in mind: Mobile Functionality, User Experience, Merchant/Business Adoption, and Data. Simply put, 3D Secure 2.0 deploys and transmits more extensive, sophisticated online transaction data during the time of authentication to ensure cardholder identity and reduces the amount of illegitimate (or false positive) declines. This more advanced layer of data not only reduces fraud, but it also has improved on the speed and experience of verification during checkout for online businesses.
Advantages of 3D Secure 2.0
It is optional for businesses to participate in 3D Secure 2.0, but there are a myriad of advantages for them, their customers, and credit card issuers:
For the business: The huge impact of 3DS2 is that the existing benefits include the shift of liability to the issuer and an increased rate of approval for 3DS transactions. Additionally, this leads to the reduction of illegitimate declines or false positives.
For the customer: Ultimately, this means customers can make more secure payments with less of a chance for fraud and an experience that appears as seamless as most simple mobile payment processes.
Stronger Fraud Detection
To determine the authenticity of a cardholder, 3D Secure 2.0 will now share data between businesses and issuers including the customer’s key addresses (shipping, billing, email), the language of the customer’s browser and a merchant risk indicator.
Improved User Experience
Rather than requiring cardholders to enter a static password, 3D Secure 2.0 will rely on easier authenticators like biometrics – fingerprints or facial recognition – or one-time passwords.
Better Device Support
At the advent of 3DS1, it only supported browser-based, not application-based transactions, and at that time, the smartphone was non-existent. 3D Secure 2.0 allows authentication for app-based transactions and digital wallet payment like Apple Pay or Google (Wallet) Pay. Why is this huge? Industry estimates for mobile payments will grow by 33 percent by 2022.
Optional, Not Mandatory
With the first version of 3DS, card issuers had full control over whether a charge approved or declined, leaving businesses at their mercy. With 3D Secure 2.0, businesses can switch to a non-challenge mode in situations where they want to use their own, in-house risk models to accept or decline a sale. In this mode, businesses choose to assume the liability risk if a purchase is fraudulent, however, it also means a speedier and much better experience for their most trusted customers.
When Will 3D Secure 2.0 Go Into Effect?
Even with all of the improvements, card issuers and businesses need time to test, pilot, and refine, and create solutions based on 3D Secure 2.0 before it is fully rolled out. Currently, Visa will extend 3D1 transactions to 3DS2 beginning in April 2019 with other card brands following by the end of 2019. Businesses and issuing banks are already working on the implementation of 3DS2 with the hope to improve payments security and increase authorizations.