The good news is that fraud for in-person credit card transactions is way down. Visa reported that in-person fraud decreased by 70 percent between December and 2015 and September 2017. That’s not a huge surprise, thanks to the big push towards using chip technology for credit cards since 2015. The chip now present on most US credit cards makes it harder for thieves to copy data and allows for better user authentication.
But as expected, the thieves didn’t just stop trying. The EMV chip technology—named after the original developers, Europay, MasterCard and Visa—cut down on in-person credit card fraud. But fraud for card-not-present (CNP) transactions, which are usually online purchases, is on the rise. According to Aite Group, CNP fraud losses increased from 2.8 billion in 2014 to 4 billion in 2017. And online spending is only growing. Ecommerce sales were more than $360 billion in 2016, $409 billion in 2017 and are expected to increase to $638 billion in 2022.
3-D Secure (3DS) was launched in 1999 to fight fraud and better protect cardholders’ information. It’s an optional service that provides an added layer of authentication security for online purchases. On the consumer end, credit card holders who enrolled are asked to enter a password or PIN to complete online transactions. Visa was the first to use the system, known as Verified by Visa, followed by MasterCard SecureCode and American Express SafeKey. Changes have been made to 3DS over time, but it hasn’t kept up with technology and shopping trends. For example, 3DS 1.0 only works with browsers and so doesn’t allow for mobile payments made via smart phones or watches.
To keep up with the changing market and make the experience more user friendly, 3-D Secure 2.0 (3DS 2.0) is being rolled out, with Visa expecting its rules for 3DS 2.0 to go into effect globally by April 2019. MasterCard is doing away with static passwords by the end of 2018 and expects the new 3DS 2.0 program to go into effect at the end of 2019. 3DS 2.0 is meant to make authentication faster and more accurate, put less of a burden on the customer, and keep up with growing mobile payments.
Participation in 3DS 2.0 is optional, but there are benefits for merchants, customers and credit card issuers. For the customer, it means more secure purchases. For the merchant, the existing benefits include a shift in fraud liability to the issuer and higher authorization rates for 3DS transactions. An expected new benefit from 3DS 2.0 for both merchants and credit card issuers is a decrease in false declines.
Here are the areas of improvement with 3DS 2.0:
Most of us don’t think about just how much happens when we swipe, insert, tap or type in our credit card information. In a flash, credit card and customer information determines if the customer has the funds to pay for the purchase and if there are any fraud red flags. Then the transaction is either approved or denied.
3DS 2.0 should make that process speedier and more accurate than 3DS 1.0 because it lets the merchant share much more data. The data can include things like the credit card holder’s key addresses (shipping, billing, email), the language of the customer’s browser and a merchant risk indicator. A low-risk customer might be a repeat customer while a high-risk customer might be someone new to the merchant who is asking for a package to be delivered somewhere other than their billing address. The more data and the better the data shared between merchants and issuers, the better the fraud assessments and rate of false declines are expected to be.
Better customer experience
For credit card users who enrolled in 3DS 1.0, authenticating their purchases meant typing in a password in a pop-up window (one that often didn’t work well on mobile devices). If the customer couldn’t remember their password, they might just give up on the purchase. With 3DS 2.0, credit card users won’t be asked to provide a static password, which should speed up transactions. Instead, 3DS 2.0 will rely on easier authenticators like biometrics—fingerprints or facial recognition—or one-time passwords.
Multiple device support
The smartphone didn’t exist when 3DS first debuted, and it can still only support browser-based, rather than application-based, transactions. 3DS 2.0 will allow authentication for in-app purchases and mobile wallet payment like Apple Pay or Google Pay. That’s important, since global mobile payments are estimated to grow by 33.4 percent between 2016 to 2022.
With 3DS 1.0, the merchant was bound by the decision from the credit card issuer about whether a charge was accepted or declined. 3DS 2.0 will let sellers turn on a non-challenge mode in cases where they want to use their own risk models to approve or deny a sale. They’ll have to take on the liability risk if that purchase ends up being fraudulent, but it will mean a better and quicker experience for their trusted customers.
3DS 2.0 will offer added security for customers making online purchases, help cut down on fraud and wrongly declined purchases for merchants. The updates also address some of the issues with 3DS 1.0 that frustrated customers and merchants by allowing mobile wallet payments, doing away with static password and making it easier to recognize low or high-risk purchases.
As consumers become more sophisticated and the push for frictionless payments increases, merchants should strongly consider the benefits of 3D Secure 2.0. As ecommerce and mcommerce continue to grow, merchants should strive to optimize customer experience without foregoing security. 3D Secure 2.0 bridges the gap between both while enabling merchants to enjoy higher authorization rates and fewer false declines.