Global eCommerce payment fraud is estimated to reach $48 billion this year. That's a 14% rise from last year.
As eCommerce continues to grow, so too will the number of thieves targeting its payments infrastructure and card details through tactics such as phishing scams.
It's an ongoing battle, but the financial authorization process has adapted to support internet payments.
Perhaps the simplest and most effective example of this is 3D Secure. Let's take a look at what it is and how it works.
What is 3D Secure?
3D Secure (3DS) is a security authentication measure used in online card transactions.
It adds an extra layer of security for both the cardholder and the online merchant.
'3D' stands for 'three domains'. The three-domain model consists of:
- The card issuer (the financial institution that issues a debit or credit card to the customer)
- The merchant that receives the payment
- The 3DS infrastructure that acts as a secure layer between customers (via card issuers) and merchants
3D Secure is designed to provide protection against fraudulent transactions.
Strong Customer Authentication (SCA) regulation requires the use of 3D Secure for European card payments. 3D Secure is optional in other regions across the globe, but still strongly recommended.
How does the 3D Secure process work?
When a customer makes an online purchase via credit or debit card, 3D Secure decides whether an extra security protocol needs to be implemented for each card payment. This protocol helps make sure that the customer is the rightful cardholder.
Step 1: Redirect to 3DS page & single-use pin generation
If 3D Secure is used, the customer will be directed to a 3DS page. This is where the authentication process begins. The cardholder will be asked to enter a PIN or password after they have completed the online checkout process.
Simultaneously, the cardholder's bank will generate a single-use PIN and send it to the customer's phone as an SMS code or push notification.
Step 2: Single-use PIN entry
Obviously, if the card transaction is not genuine, then attempted fraudulent activity should be blocked at this stage.
For a genuine transaction, this PIN will need to be entered into the 3DS page to verify any online payments.
Step 3: Card issuer approval or decline
Next, all information is forwarded to the card issuer, who either approves or declines the transaction.
Once the data is received by the issuer, it is run through an automated fraud detection system, which checks if the transaction is low or high-risk.
Low-risk transactions are typically approved automatically, with the customer only experiencing a 1-5 second delay whilst the payment is being processed.
High-risk transactions, on the other hand, may require more. This could mean a customer being sent a one-time password or using biometric authentication (such as fingerprint authentication) on their online banking app as an additional verification step.
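The issuer-side logic behind the three steps above can be sketched as follows. This is an added example, not code from the original page or from any 3DS provider, and it does not reproduce the EMV 3DS message formats. The names `decide` and `Challenge`, the five-minute validity window, the three-attempt limit and the 0.5 risk threshold are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values for illustration; the page does not specify any of them.
PIN_TTL_SECONDS = 300
MAX_ATTEMPTS = 3
RISK_THRESHOLD = 0.5


def decide(risk_score):
    """Step 3: low-risk payments pass without a challenge, high-risk ones step up."""
    return "challenge" if risk_score >= RISK_THRESHOLD else "frictionless"


class Challenge:
    """Hypothetical issuer-side record: one single-use PIN bound to one transaction."""

    def __init__(self, txn_id, now=None):
        self.txn_id = txn_id
        self.salt = secrets.token_bytes(16)
        self.expires_at = (time.time() if now is None else now) + PIN_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False
        self.digest = b""

    def _mac(self, pin):
        # Binding the PIN to the transaction id stops reuse on another payment.
        msg = f"{self.txn_id}:{pin}".encode()
        return hmac.new(self.salt, msg, hashlib.sha256).digest()

    def issue_pin(self):
        pin = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
        self.digest = self._mac(pin)             # store only the keyed hash
        return pin                               # sent to the cardholder's phone

    def verify(self, pin, now=None):
        now = time.time() if now is None else now
        if self.used or now > self.expires_at or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1                  # count every guess, right or wrong
        if hmac.compare_digest(self.digest, self._mac(pin)):
            self.used = True                     # single use: replay is rejected
            return True
        return False
```

The expiry, the attempt counter and the `used` flag are what make a six-digit code workable: with only a million possible values, the code is safe only while guesses are limited and a correct code cannot be replayed.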
Advantages and disadvantages of 3D Secure
Advantages of 3D Secure
1. Increased security
The main benefit of 3D Secure is the increased layer of security it brings.
In particular, because it verifies the cardholder's identity, it stops many attempts at fake profiles being set up to make payments.
Protection against chargebacks
3D Secure is particularly good at providing increased protection against fraudulent chargebacks.
Visa Secure and Verified by Visa both ensure that merchants will not receive a chargeback on their account.
This can help prevent 'friendly fraud'. This is when a cardholder makes an online purchase and then purposely attempts to file a fraudulent chargeback.
Recent studies have found that merchants who use 3D Secure can reduce chargebacks by as much as 70%.
2. Interchange benefits
When used with Visa or Mastercard, 3D Secure can provide interchange benefits such as interchange fees and longer payment terms.
Both cardholders and issuers can benefit from the following:
- Increased vendor sales as a result of improved customer protection
- Better international customer transactions
- SSL encryption protects servers
- Increased customer satisfaction
3. Customer confidence
Customers are more likely to trust your company if they are confident that their shopping experience is safe.
Using 3D Secure will reassure customers using your site that sharing their personal and financial information with you is safe.
4. Liability shift
3D Secure ensures that the merchant is not liable for fraudulent refunds.
Instead, liability is shifted from the business to the issuing bank or the card issuer responsible for the fraudulent chargeback. While the ideal would be fewer chargebacks raised, shifting the liability to the issuer is a potent reason for vendors to implement 3DS.
All disputes will be managed behind the scenes by the issuer rather than appearing on the vendor dashboard.
Disadvantages of 3D Secure
3D Secure does have some drawbacks.
1. Friction
3DS may cause friction in customers' shopping experience. The need to input a one-time password may result in abandoned baskets.
Research by Ravelin found that 3DS takes on average 37 seconds and that 22% of payments that require it are lost.
2. Cost of implementation
Additional costs may be associated with setting up or using 3D Secure. This makes it difficult for start-ups or businesses with low budgets.
Of course, this varies according to how it is implemented and the payment processor chosen to assist with its implementation.
3. Lack of consumer understanding
In markets where 3D Secure is not mandated, cardholders may not be entirely familiar with it.
If they do not understand what it is or how to complete a payment that requires it, it may deter them from completing the transaction and cause them to abandon their cart.
What is a 3D Secure PIN?
A 3D Secure PIN, or 3DS PIN, is a six-digit numerical code employed by a card user for authenticating online transactions that utilize the 3D Secure protocol.
The code serves to confirm the identity of the card owner to the bank that issued the card during online purchases.
Similar to conventional PINs used at physical POS terminals or ATMs, 3D Secure PINs enhance the security of card transactions. They do this by safeguarding financial assets and bolstering consumer confidence in the initiated transaction.
What is 3D Secure 2.0?
3D Secure 2.0 is a security protocol for online transactions that provides higher-level identity verification information than standard 3D Secure.
One study by Visa found that it can reduce fraud by up to 40%. It does this by allowing merchants to communicate with the cardholder's banks and vice versa.
EMVCo published 3D Secure 2.0 in 2016. It was designed with the intention of correcting some of the original version's limitations.
The second rendition of 3D Secure streamlines the verification process. It ensures the online checkout experience is as frictionless as possible without sacrificing the extra layer of security.
The key differences between the original and 2.0 versions of 3D Secure are:
- 3D Secure 2.0 supports mobile devices
- 3D Secure 2.0 addresses security and usability issues that are present in 1.0. This includes the replacement of static passwords with one-time passwords as well as biometric authentication
The shift to 3D Secure 2.0 aligns with the consumer movement to mobile and online shopping. Merchants are tactically taking advantage of this trend by adopting 2.0 into their strategy.
Partner with Nuvei for payments and fraud risk management
Partnering with the right payments provider can make a big difference to how secure your payments are.
Our fraud and risk management platform can be fully integrated into your payments solution.
It offers real-time fraud detection and a scoring engine that can stop transaction fraud early. It can help you reduce risk, chargebacks, and customer onboarding times, simplify PCI DSS compliance and manage 3D Secure complexity.
What is a 3D Secure payment gateway?
A 3D Secure payment gateway employs either the 3D Secure or 3D Secure 2.0 protocol to authorize online transactions. This system enhances security for buyers when dealing with merchants who operate without a physical card presence. During the online payment process through a 3D Secure gateway, the card owner is required to confirm their identity by inputting a fixed password, a temporary PIN, a one-time code, or by utilizing biometric verification.
Conclusion
3D Secure is a powerful tool for fraud prevention in the online payment process. It is a legal requirement in Europe where it is an example of Strong Customer Authentication, but is optional elsewhere.
It verifies data points between three parties: the customer, the card issuer, and the 3DS infrastructure.
Having this additional verification step can prevent different types of fraudulent activity such as fake profiles and friendly fraud. It also brings interchange benefits, increased customer confidence and a liability shift from merchant to issuing banks.
It may bring with it some disadvantages, such as customer friction and implementation costs.
3D Secure 2.0 is an important update, making it a more powerful version of the tool. It supports mobile payments and makes use of one-time passwords and biometric authentication.