Blogs/Fraud Risk

3D Secure- All there to know

Blog-Image

What is 3DS?

3D Secure or 3DS is a security protocol initiated to upgrade protection during card-not-present transaction instances (CNP). 3DS acts as an extra layer of security by confirming the cardholder’s identity prior to authorization and thereby rapidly reducing the risk of online fraud. eCommerce merchants around the globe are adopting the 3DS methods as an integral part of their fraud prevention program, So how does this work?

3DS Workflow

The name 3DS is derived from the “Three Domain Model”. And the three domains that cover the model are:-

  • Issuer Domain Bank/financial institution that issues the debit/credit card to the consumer required for the transaction
  • Acquirer domain The merchant/bank that receives the payment from the transaction
  • Interoperability domain This domain acts as a bridge between the other two domains. A structure issued by the types of payment cards.

During online checkout, the buyer enters the card details for processing the payment and the issuer bank determines the risk appetite with aid from the data points including the currency used, the place of transaction, and the frequency of payments of the user. If the risk appetite is high, the user will be redirected to a different page where the user is supposed to verify the identity conventionally by verifying via a code sent directly to the cardholder’s registered mobile number. Once the identity is verified they will be able to complete the transaction and purchase.

3DS 2.0 - The next generation

3DS was introduced to the market in 2000. The 3DS authentication standard was designed by VISA back in 1999 and has been adopted by other types of cards, some of the dominant ones are Mastercard, American Express, Union Pay and the list goes on.

Nearly two decades later, 3DS 2.0 was introduced to answer future market requirements and new payment channels. 3DS 2.0 is an updated and better version of the original. 3DS 2.0 is developed to outlive the bottleneck of 3DS 1 and it’s implemented by delivering a more facile user experience. It supports non-browser payment methods such as In-app purchases, digital wallets, and wearables. Registration of the card is needless in this version. 3DS 2.0 is going to rule the authentication standard by bestowing a frictionless and quick checkout process, more accurate fraud prediction with the help of a robust data structure, and a seamless user interface. 3DS 2.0 is pertinent for merchants who need to be compliant with the European PSD2 regulation (PSD2 is a European regulation for electronic payments for enhancing security).

3DS 2.0 Pros and Cons

The key takeaway from 3DS is the depletion in fraud risk and the liability shift from merchants to banks. In most cases, the responsibility of chargeback is shifted from merchant to banks as the customers are authenticating themselves with their issuer bank.

Even though the 3DS protocol is mitigating the fraud risk, this alone is not enough to cover the fraud protection structure. Overuse of 3DS and dependency on the fraud-detection systems and risk rules of payment service providers (PSPs) could increase the false-negative rate. 3DS authentication process can create a poor user experience by adding friction and might lead to increased cart abandonment. However there is a way to reduce this friction, RBA Risk-based authentication technique is a proven method to tackle unnecessary friction during an online transaction

RBA (Risk-based authentication) to enhance the customer experience.

RBA is a systematic way to enable a frictionless experience during an online transaction. RBA is enacted by placing a transaction monitoring system before authentication which will then track any anomalies/ suspicious behavior in the 3DS system and a risk-based score will be calculated at the margin. Further, with the help of the risk assessment score, ACS will be enabled for high-risk scores and will be redirected to confirm the identity by an OTP or any other methods. Thus every transaction will not require identity verification and thereby reducing the friction and elevating the customer experience.

Request-Demo Request a Demo