Digital commerce has been steadily increasing over the past four years, growing from 8.5% of total commerce in the U.S. to roughly 20.4%. That trajectory is expected to continue, with digital commerce accounting for an estimated 27.8% by 2020.
As digital commerce continues to grow, merchants face steep challenges in removing friction from the payments process while keeping payments secure. The new 3D Secure 2.0 protocol enables merchants and issuers to exchange greater amounts of contextual data (gift card data, device information, server information, etc.) to verify a cardholder’s identity. This removes the friction for shoppers, who have typically been required to actively authenticate with a password. While the first 3D Secure protocol achieved secure authentication, version 2.0 aims to streamline the process by using additional data points for verification while positioning consumer experience as a top priority.
To understand the key benefits associated with the new protocol, it’s essential to understand the improvements that have been made and to evaluate the flow from version 1.0 to version 2.0.
In the previous version, the following flow would take place:
The new 2.0 version abides by the following flow:
The previous version of 3D Secure posed several challenges to merchants, with the leading concerns including:
Cart abandonment - 37% of merchants
Performance/reliability - 28% of merchants
Not optimized for mobile - 17% of merchants
Limited control over when we can authenticate - 17% of merchants
I have no concerns - 17% of merchants
3D Secure 2.0 eliminates concerns and doubts over the majority of these issues by offering a seamless flow that gives the merchant greater control over the outcome. Additionally, it removes the hassle of enrollment from the cardholder by removing their involvement. Instead, enrollment is performed by the bank for all cards under the same Bank Identification Number (BIN).
Cart abandonment—rated the highest concern for merchants—is drastically reduced as cardholders are unaware of the added security. Only in limited cases are cardholders asked to verify their identity beyond the embedded security measures provided. Even in the case of challenges, the user experience is optimized by multiple challenge options, including one-time password, password, biometric, and more.
Reliability is improved as data collected from the device is added to the authorization stream, helping banks limit false positive declines. The additional consideration of account tokens beyond card numbers is introduced into the transaction flow, improving reliability as well.
Data for a range of devices beyond browsers are specified. Mobile, wearables, and a range of IoT devices are all supported to provide mobile optimization to improve customer experience. 3D Secure 2.0 also uses the function of 3DS Integrator Requests to facilitate recurring payments and remove another point of friction.
In the above section, we discuss the top merchant concern of cart abandonment. It’s an industry-agnostic problem that has plagued ecommerce since its inception. Much of this has been caused by friction from layers of security that slow the checkout process and transaction time. 3D Secure 2.0 combats this directly by collecting more data behind the scenes to improve identity validation and reduce challenges. It’s expected that the majority (95%) of transactions will qualify as low risk, barring additional challenges. Fewer challenges equate to more purchase completions. The end result is an estimated 70% fewer abandonments. What’s more, the new protocol is expected to reduce transaction times by 85%, making the purchase experience more seamless for consumers.
On the fraud front, merchants enjoy zero liability for approved transactions. 3D Secure 2.0 shifts the liability from the merchant to the issuer in the case of disputes and chargebacks. So long as a transaction is authenticated (or attempted authentication occurs), the merchant is not liable for disputes or chargebacks.
Additional business benefits include interchange discounts. Depending on the jurisdiction, merchants may be eligible for reduced interchange fees for 3DS-enabled transactions, which are offered by the payment networks. These incentives are aligned with those offered for 3DS 1.0; however, it is anticipated that those will disappear to prompt greater adoption of the new protocol.
The new protocol enables mobile payments security, a must-have considering the current m-commerce landscape. Currently, m-commerce is growing faster than overall ecommerce, with global mobile retail sales increasing 47% year-over-year from 2015 to 2016. The seamless integration with mobile apps and browser-based environments gives 3DS2 a leg up on the initial protocol and creates greater peace of mind for mobile-friendly merchants.
While the technology benefits of 3D Secure 2.0 are quick to address many of the burning pain points in ecommerce, there are other unspoken benefits that multiple parties in the payments ecosystem enjoy.
The overall verdict is that both consumer experience and security are heightened to facilitate safe, secure, and frictionless payments. As a result, merchants will see a boost in purchase completions and issuers can rest easy with additional data on hand to verify the identity of cardholders, decreasing fraud- and operational-related losses.
As authentication becomes more sophisticated while providing a simpler experience, merchants should consider the various repercussions of the technology. For one, biometrics—and behavioral biometrics, in particular—will play a more prominent role in the authentication process. Both merchants and banks stand to benefit from biometrics as a mechanism for verification and to prevent account takeover (ATO). Banks should consider implementing behavioral biometrics as a line of defense against bots and ATO attempts.
Mobile is also the buzzword for 2018 and beyond. It’s likely that mobile devices will replace passwords and dongles within the next six to eight years as mobile use and mcommerce continue to skyrocket. We will also see the majority of 3D Secure 2.0 challenges tied back to the mobile device.
Other Notes on the Future of Authentication:
Merchants aren’t the only entities that benefit from implementing 3D Secure 2.0. Card-not-present (CNP) fraud impacts both merchants and issuers alike. In the wake of the EMV migration, a substantial amount of payment card purchases have moved to the online/CNP channels. Subsequently, many merchants have employed tailored fraud solutions to help with fraud detection while minimizing friction.
On the other side of this equation lie issuers and financial institutions (FIs). 3D Secure 2.0 will enrich fraud detection for issuers, who will receive a richer data exchange with more profound data points. 3D Secure 2.0 helps card issuers streamline frictionless authentication. These richer data exchanges that occur during a transaction will provide issuers with an enhanced ability to identify cardholder behavior (and device data), and make informed, risk-based decisions on whether authentication requests are necessary. One of the tenets of the new 3D Secure is that merchants enjoy an immediate liability shift when they sign up for the new protocol, regardless of whether their customers’ issuers are on board. In this way, it is highly beneficial for issuers to get involved early, where they can enjoy better fraud detection features.
Another compelling factor is the need to cater to customers’ evolving preferences and behaviors. 3D Secure 2.0 affords a better overall customer experience, improved security, and frictionless payments. Issuers should be highly motivated to ensure their customers are happy customers that can access these benefits.
Finally, the number of security requirements and regulations is vast. The new 3D Secure protocol can help issuers ease the burden of compliance. This is especially true as it applies to the guidelines outlined in the EU’s Payment Services Directive II (PSD2), which are closely aligned with the 3D Secure 2.0 protocol.
While there will probably be some overlap in the rollout of 3D Secure 2.0 and the use of the original protocol, issuers and FIs should be preparing for migration to the new protocol as soon as possible. By utilizing an analytics-driven approach, issuers can effectively use extended data elements to inform risk-based decisions. Additionally, issuers should consider strategies for enhanced one-time passwords for authentication. The new protocol will step away from the static password and require stronger authentication via one-time passwords, and issuers will need to be able to execute on this via SMS-delivered passwords and other means.
Opus is well-equipped to help financial institutions implement and build solutions in the 3D Secure 2.0 space. With over two decades in building and launching payments products, consulting in the fintech space, and creating industry-leading solutions, Opus has worked across various aspects of payment gateway and authentication solutions. Opus works closely with financial institutions (FIs) to understand their current payment system landscape and help refine gaps in legacy systems. Opus consults on upcoming compliance needs and can help build and tune risk-based decisions engines aligned with an FI’s business and risk profile.
Opus understands the challenges FIs face in implementing and building 3D Secure 2.0 solutions. To derive the best business benefits of 3DS2, each FI needs to create a strategy that fits its business needs and risk potential. FIs must take into account the operating market segment, target customer profiles, geographies operated, risk appetite and various other attributes when designing rules for risk engines in 3DS2. Changing business needs also impact deployment, so the level of configurability and flexibility desired of the system must also be considered for adaptability. 3DS2 is one part of a broader authentication strategy, and FIs must be cognizant of the forward-facing movement of each of their organizations. This includes considerations like devices and channels on which customers are anticipated to transact as well as end-to-end customer experience during authentication on each device and channel. Migration strategy is also a key consideration as FIs move from 3D Secure to 3D Secure 2.0. FIs need to consider and plan for how additional data will be used in the authentication process to prevent fraud and also how to integrate with tokenization strategy.
Opus has a streamlined process for helping FIs meet and surmount each of these challenges and considerations. We approach each partnership in a phased manner that aligns with customer expectations. We assess each customer’s payment system landscape via a joint workshop, mapping out current and future business objectives and growth plans. We present industry intelligence in the form of market trends, upcoming compliance needs, and incremental business values to be gained through future initiatives that drive better business and IT decisions. Phase I sets the stage for building and enhancing the system. Opus can then deliver assets and frameworks that help expedite time to market. In addition to helping FIs with their current payments needs, we jointly invest in co-innovation on futuristic concepts in our Idea Labs.
As a trusted partner, Opus works in tandem with our FI customers to help them stay ahead of the curve with security and authentication technology and tools. We understand that consumer expectations are becoming exponentially more sophisticated, requiring the utmost convenience and a seamless experience. We work with FIs to harness the benefits of advancement in technologies—including payments technologies and those rolled out in other industries—while protecting against fraud and vulnerabilities introduced through some of these technologies. Our ability to fine-tune security and authentication mechanisms ensures that FIs continue to build customer trust, reduce fraud losses, improve customer stickiness, and maintain a positive brand image and reputation.
Consumer attitudes have shifted from a solely security-based focus in ecommerce to one of convenience. This has led to the proliferation of smartphone use and mcommerce and will continue to drive purchase decisions in the future. Increased trust in mobile devices means both merchants and issuers must adapt their authentication practices and standards to more sophisticated preferences that cater to mobile without sacrificing security.
3D Secure 2.0 will act as a bridge in the gap between current ecommerce security measures and consumers’ evolving behavior and preferences. With greater amounts of contextual data to verify a cardholder’s identity, merchants and issuers can rest easy that the improved customer experience will be matched with tight security measures that remove friction from the process.