Despite the enormous interest that traditional banks have in protecting the integrity and security of transactions, ecommerce fraud remains far more common than most people realize. Cybersecurity professionals are in a never-ending battle against online hackers and fraudsters. This means your customers’ data and bank account information are only as safe as the level of protection your business provides.
That’s where 3D Secure Authentication comes in. It has been around for years, but you may not be familiar with what it is and how it can benefit you.
While 3D Secure is not foolproof, it will drastically reduce fraud in online transactions by making it significantly harder to use a stolen card to make a purchase.
3DS is a security protocol that provides an extra layer of security for card-not-present transactions. It was designed to allow cardholders to easily authenticate their identity in order to prevent payment fraud and reduce chargebacks.
The basic principle behind 3D Secure is rather simple: a cardholder’s bank needs to confirm their identity in order to authorize an online payment. Identity verification can be done in various ways. Usually, customers will be asked to enter a password or a unique code sent to them by SMS. Sometimes they may be required to approve the payment in their bank’s app. Another option is for the cardholder to select a PIN number to use for 3DS purchases. This code is set up when the cardholder enrolls in the 3DS card program and is encrypted for security purposes. 3D stands for “three domains.” Those are:
- Acquirer domain: The bank or merchant to which money is being paid.
- Issuer domain: The cardholder’s issuing bank.
- Interoperability domain: The underlying systems that support 3DS.
These three share information about the transaction, known fraud and the cardholder to determine the risk of a transaction.
3DS is a collaboration between Visa and Mastercard. The fact that the world’s biggest credit card companies worked together to produce this system shows how important it really is.
Is there a downside to 3DS? Sure, some users might find it hard to tell if a 3DS pop-up is legitimate and could mistake one for a phishing scam. 3DS also adds a little extra time to the checkout process to verify identification — but keeping your customers’ information safe is definitely worth the added time.
There were also some issues with the first version of 3DS that made some merchants hesitant to implement it right off the bat. Fortunately, those issues were resolved in version 2.0, aka 3DS2. Some of the upgrades include:
- Authentication method. The permanent passwords used in the original version require customers to memorize something, which for some people isn’t easy or convenient. 3DS2 introduced authentication through OTPs or biometrics, meaning customers don’t have to remember anything. This translates to quicker and smoother transactions and reduced chances of fraud.
- Mobile phone integration. The first version of the secure protocol was developed before smartphones were being used for ecommerce, hence it was only for purchases in regular browsers. 3DS2 is integrated with both mobile apps and browsers.
Overall, 3DS2 payment processing makes the payment verification process quicker and more customer-friendly with less cart abandonment. Therefore, more and more merchants are giving the new security protocol a shot.
3DS is not as widely used in the U.S. as it is in some other regions. As part of a European Union mandate called the Revised Directive on Payment Services, merchants operating in the European Economic Area must use payment service providers that offer what is known as strong customer authentication. In essence, this directive ensures that transactions occurring within the EU use 3D Secure to verify a buyer’s identity.
Now that you’re up to speed on what 3DS is and how it works, let’s look at how it can work for you and your business. There are numerous benefits to offering 3D Secure to your customers. As mentioned earlier, the most important advantage of 3DS is that it reduces fraud. This makes online shopping safer, improves customer confidence and boosts sales. But there are other advantages. Adding 3DS to your checkout process enables you to:
- Protect cardholders against unauthorized use. As more businesses implement 3DS, it becomes more difficult for criminals to steal and use debit or credit card information.
- Add extra layers of fraud protection that make it harder for scammers to commit fraud online. Customers can rest assured that they are shopping with a legitimate business, while businesses are better protected from credit card fraud.
- Facilitate more international transactions. Customers will feel more secure making international transactions because of the added security.
- Shift fraud liability from your business with chargeback protection on qualifying transactions.
With credit card fraud rampant, any valid card has the potential to be used in a fraudulent order. When a merchant employs 3DS, the fraudster will have to go through multiple steps designed to stop malicious activities. While 3D Secure is not foolproof, it drastically reduces fraud in online transactions by making it significantly harder to use a stolen card to make a purchase.
The payment processing industry continues to implement new approaches in preventing fraud. To take advantage of 3D Secure and other helpful systems and strategies while maintaining the speed and convenience customers have come to love about online shopping, seek out an experienced and knowledgeable merchant services provider to guide you through the process — one that knows how important online security is, especially when it comes to financial transactions.
Jonathan Corona has two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.
