August 19, 2016
Guest Perspective: 3D Secure or not 3D Secure?
As more sophisticated methods of online authentication evolve, a tried and true remedy—one not without critics—continues its own evolution. Noam Grinberg, head of risk management at payments experts SafeCharge, discusses the merits and future of the 3D Secure protocol.
Internet shopping is fuelled by impulse from end users. “I see it, I want it, I buy it on my one-click ordering page.”
Herein lies the dilemma for merchants. How do they offer their consumers maximum security from online fraud together with a fast and seamless shopping experience? These two things do not sit easily together. Do merchants offer more complex payment pages with greater security and risk losing customers who are impatient to buy but frustrated at not being able to get through the purchase process easily? Do consumers stop shopping if they don’t have the correct passwords at hand or do they take a security override option if it’s available and put themselves, and the merchant, at greater risk of fraud? Is there a compromise, ensuring quick shopping, maximum security and minimum frustration?
3D Secure, or as it’s officially known 3 Domain Secure, is an XML-based protocol available as an additional security layer for e-commerce retailers to help minimize the risk of online fraud. Essentially, it provides an additional authentication and security layer for online payments.
The major benefit to an online merchant is that, by using 3D Secure, if a transaction subsequently turns out to be fraudulent, the merchant is not liable. Merchants are protected by the card issuer against chargebacks for fraud because the issuing bank takes on the liability if 3D Secure is used.
3D Secure is not a panacea for all a merchant’s antifraud problems. There are exceptions to the liability shift, such as the customer denying receipt of goods. However, used properly, 3D Secure can be an extremely valuable tool as part of a wider fraud screening process.
Users want safe, simple and speedy. When end users pay online they sometimes have to wait what seems like an interminable time for the 3D Secure process to be completed. This can lead to shopping cart abandonment and a conundrum for merchants: Is it better to have secure measures for online shoppers and risk losing them as a customer due to lack of speed or does the merchant offer a less secure option and risk chargebacks? A merchant needs to balance sales against chargebacks. By implementing 3D Secure, a merchant can reduce chargebacks by up to 90 percent, however the merchant is likely to lose between 15 percent and 20 percent in revenue due to abandonment and potentially false 3D Secure rejections.
Several clever ways of augmenting the traditional 3D Secure technology recently have been introduced that bridge the gap between user acceptance of a necessary delay, and reducing merchant risk. Dynamic 3D Secure is an advanced real-time tool whereby the payment service provider can decide in which cases to use 3D Secure. For example, if the transaction looks like it could be dubious (perhaps a cross-border transaction from a high-risk country), 3D Secure will kick in to protect the merchant. This can be a good compromise in the speed v. security dilemma.
Another type of 3D Secure offering is a sophisticated wrapper placed over the original 3D Secure solution in which the merchant constantly updates the client about where they are in the 3D Secure approval process. People are far more likely to complete the 3D Secure process if they are aware that progress is being made, rather than facing the uncertainty of a traditional 3D Secure screen where a user might think that a transaction has gone into a cyber hole.
Another recent development is the announcement of 3D Secure 2.0 planned for 2015. The next generation of the protocol will see a move away from the existing system of user passwords to authorize online purchases. Initially based on tokenization, and in the longer term secure biometrics, the new system will make it a lot more difficult for a fraudster to obtain a “3D PIN” (one-time use token). Faster to execute and harder to infiltrate, this new version of 3D Secure provides a combination of speed and security that shifts the balance of risk firmly back in favor of the merchant.
SafeCharge International Group Limited is a global provider of payments services, risk management and IT solutions for online businesses. The Group has a diversified, blue chip client base and is a trusted payment partner for customers from various e-commerce verticals.