In fraud prevention, sometimes the cure is worse than the disease.
"Javelin says there was $9 billion in fraud but $118 billion in false declines," said Tim Sherwin, co-founder and executive vice president of CardinalCommerce, an e-commerce authentication company that's a long-time collaborator with Visa, and will soon become part of Visa when the card network's planned acquisition closes early next year.
Much like rival Mastercard, which recently took its Decision Intelligence AI product out of pilot, Visa wants to make sure that it isn't turning away legitimate customers when it finds signs of potential fraud.
Visa and Cardinal hope that security collaboration between merchants and issuers will be made easier by strengthening the tokenization technology that's designed to protect e-commerce transactions, a major peg of many retailers' strategies as they attempt to embrace omnichannel shopping and payments. The collaboration is also a big part of Visa's deployment of tokenization to protect Visa Checkout transactions, a project that's expected to last more than a year.
The revamped 3D Secure authentication protocol, Cardinal's security technology and Visa's network will enable merchants better use and trust tokenization, which can bring more accuracy to authentication risk, Sherwin said.
Visa needs to have a good, viable product in this area that it can resell to merchant acquirers, processor and merchants to spur the adoption of 3D Secure authenticated payments, said Avivah Litan, a vice president at Gartner. "Cardinal's product helps maintain security and a frictionless shopping experience for consumers…high friction is what kept 3D Secure from being more widely adopted in the U.S. in the first place," she said. "Cardinal's product reduces this friction."
3D Secure was previously implemented mostly as an extra password for shoppers to type to approve e-commerce transactions; more recently, the technology has been changed to a risk-based vetting system.
"3D Secure is the infrastructure that is put in place to support tokenization," said Mark Nelsen, senior vice president of risk and authentication products at Visa, adding the improvements to the standard improve the accuracy of the triggers that determine if a token is legitimate.
That means fewer transactions will be flagged or rejected, Nelsen said, adding the growth of web-enabled hardware and the stress on merchants to respond to that channel diversity requires identity risk with less navigation.
3D Secure also allows merchants to support mobile wallets with fewer identity prompts for the consumers, allowing merchants to enable third party mobile apps alongside more traditional point of sale technology with minimal user identity prompts.
"Consumers are using a variety of devices," Nelsen said, adding there will be 20 billion connected devices by 2020. "Ensuring the authentication of the user in the digital space is incredibly important going forward."
3D Secure is catching on elsewhere, as JPMorgan Chase has made it part of its merchant-focused Chase Pay app.
"We've already seen increased market momentum around 3D secure, and Cardinal is the dominant market player in the U.S. enabling 3D Secure for merchants. It also has a decent non-U.S. presence as well," said Julie Conroy, a research director at Aite Group, who adds the updated 3D Secure will result in more data flowing between issuers and merchants, which can significantly reduce false declines—Aite's estimate is even higher than Javelin's--$260 billion in the U.S. estimated for 2016.
"Many of these false declines were online," Conroy said. "With the sizable resources of Visa behind them, I think Cardinal has the opportunity to accelerate its market penetration, which will be particularly important as EMV takes hold in the U.s. and we see the inevitable fraud migration to card not present transactions."