3-D secure takes the security/friction balance out of the dark ages
As card-not-present (CNP) transactions across e-commerce, m-commerce and remote commerce rise, so does fraud.
Adding security without simply creating more points of friction is a real challenge, but one that the EMV 3-D Secure protocol – EMV 3DS for short – is trying to combat.
The protocols are generating real interest across the industry, but what exactly is EMV 3DS? And what are the key considerations stakeholders in the online payments and financial services world should be making?
Three-Domain Secure (3DS) is a standard messaging protocol used to identify and verify cardholders for CNP transactions. It creates a standardized, harmonized and secure authentication solution for all stakeholders: merchants, issuers, acquirers and schemes.
Initiated by Visa and followed by other payment schemes such as Mastercard. A new version of EMV 3DS has now been developed and is being maintained by the industry body, EMVCo.
We can break the main goals of the latest EMV 3DS specifications into three: Increase approval rates; Reduce fraud; and Enhance the user-experience.
Improved online authentication solutions – remembering the 3rd, 4th and 7th digit of a password set five years ago, for example – are far from user-friendly. And the stats speak for themselves: the e-commerce cart abandonmente rate is at nearly 70%, and around 28% of U.S. online shoppers admit to quitting orders due to checkout processes being too long or complicated.
Cutting out complex additional steps for consumers will reduce cart abandonment and result in better sales for retailers (as well as customers happier to return!).
By improving communication in the background between the issuing bank, the acquirer and the merchant, EMV 3DS streamlines the user experience. At a high level, basic account holder information can now be automatically retrieved and verified without additional consumer input.
EMVCo’s latest specification features even more intelligent risk-based decision-making with advanced algorithms and smarter data sharing that help evaluate if a purchase is normal. For example, the technology considers user location, amount spent and frequency of transactions. This means additional authentication processes are only requested when really needed.
If I’m making an m-commerce payment on holiday in Australia from a site I’ve never visited before I may then be taken through some of the new, simpler additional authentication solutions defined. These now include one-time passwords sent via SMS, biometric authentication, use of existing authentication on mobile devices and background authentication checks.
Crucially, EMV 3DS is no longer just for payments. The use cases for identification and verification are expanding, so the scope of EMV 3DS has become much broader to include adding cards to a digital wallet, open banking services and financial services apps, etc.
EMV 3DS is a compelling authentication solution fit for the digital, omnichannel age. But as with any major system upgrade, implementation does not come without its challenges.