By Roger Lester, Payments Expert, Featurespace
Since the introduction of 3-D Secure in 2007, adoption rates have been slow, and have varied between countries. Concerns about lower conversions and rising customer friction are preventing higher penetration rates, but new fraud prevention software solutions offer ways to balance customer satisfaction and security requirements.
Roger Lester, Payments Expert at Featurespace, explores how advanced machine learning and adaptive behavioral analytics technology help balance 3-D Secure checks against futureproofing an organization’s fraud defenses.
Why has adoption of 3-D Secure been mixed?
Designed to be an additional layer of security for online payments, the 3-D (“3 Domain”) Secure protocol has been adopted by all major card networks—more familiar to many of us under commercial names, such as “Verified by Visa” and “MasterCard SecureCode.” However, many merchants are hesitant about implementing 3-D Secure. Some of the top reasons for this are:
Concern about increasing customer friction—I’m hearing from many merchants in the industry who believe that adding another authentication step leads to higher drop-off and basket abandonment rates. This concern may be justified: Experience shows that customers may abandon a sale if they have trouble remembering the secure code or if there is a more convenient alternative, such as Paypal or Amazon One-Click. In short, there’s a concern that 3-D Secure increases customer friction.
Low U.S. adoption—The concern about increased customer friction is widely spread among merchants based in the U.S., where adoption rates are low compared to most European countries. According to Ingenico, adoption across all merchant tiers in the Netherlands and Belgium is the highest with 82 percent and 71 percent, respectively, compared to 5 percent in the U.S.
Current approach by retailers—In my experience, companies have relied on fraud rules rather than utilizing 3-D Secure, believing this will be effective enough to stop the fraud and not hinder their customers. In reality this has proved a dangerous and risky approach, often costing a merchant a small fortune in fraud losses.
Regulatory changes may force wider adoption
With regulatory changes such as the revised Payments Services Directive (PSD2) ahead, there is going to be a push from Continental European issuers and merchants for a Europe-wide adoption of the protocol, which will likely have an impact on the U.S. market as well to increase cross-border sales.
Reducing customer friction: using advanced fraud protection to minimize the impact of 3DS
So, how can merchants balance a potential regulatory move to 3-D Secure, with providing a seamless experience for their customers and not suffering from dropout rates by being forced to introduce an additional authentication step?
Limiting 3DS to high-risk transactions—Merchants and banks can use fraud rules to target the high-value transactions and apply 3D secure to minimize the associated risk. However, in the ever-changing world of fraud, rules deteriorate quickly, so this blanket approach can still lead to customer friction and lost sales from genuine customers.
Taking advantage of machine-learning fraud prevention—While this rules-based approach provides limited performance improvement, a more efficient approach would be to use the latest machine learning fraud prevention technologies that use Adaptive Behavioral Analytics to automatically understand each transaction and risk score it in real-time.
A machine-learning approach enables merchants and issuers to automatically understand the real-time, individual behavior of each customer and identify when that behavior changes. This approach means that high-risk transactions are accurately, automatically identified as they happen, and can be challenged.
Using this adaptive behavioral analytics approach, merchants can gain control over only prompting customers for additional authentication steps if the transaction is identified as high-risk by the fraud system.
Additionally, the most advanced of these fraud systems are self-learning –automatically adapting to new customer data as it is received. This means that the fraud models constantly update, and the assessment of “high-risk” can be done in real-time, on an individual basis, with minimal manual intervention.
Balancing business rules and machine learning—Without having to implement a new authentication method, organizations can use a combination of rules and adaptive behavioral models to reduce both customer friction and operational efficiency. While business rules will prompt all customers to input their 3-D Secure password at regular intervals, adaptive behavioral models will monitor each individual transaction data for real-time anomalies to identify known and unknown fraud attempts.
Using this approach is a good way to balance security and ease of use: one of our customers—a FTSE 250 company using a combination of rules and behavioral models—is now seeing a more than 95-percent acceptance rate for 3-D Secure transactions and almost no drop-offs.
Embracing machine learning fraud prevention alongside 3DS: an opportunity for merchants and financial services
With global card fraud projected to reach $31.67 billion in 2020 (Nilson Report, 2017), it is more important than ever to tackle risk management without adding friction to the customer experience.
While 3-D Secure can be a valuable tool to protect customers, it is even more powerful when implemented in combination with an advanced machine learning fraud prevention system. With these solutions in their hands, merchants have the opportunity to get ahead in the market by reducing customer friction and futureproofing against both known and unknown fraud attacks.
Roger Lester has worked in the card industry for more than 30 years. Having worked both with issuers and acquirers, he brings his financial services industry expertise and insight to his role at Featurespace (www.featurespace.com). As a payments subject matter expert, Roger ensures that Featurespace’s ARIC Fraud Hub development matches the risk management needs and requirements of the financial services sector.