EMV 3-D Secure, the E-Commerce Game Changer

The card-not-present (CNP) payment space has come a long way since the days of telephone orders. In the past few years, the market has seen an explosion in mobile app-based payments, which offer consumers unprecedented levels of convenience, albeit placing them at higher risk of CNP fraud.

One thing that hasn’t changed is merchants’ never-ending quest for higher profits and brand loyalty. They would still do anything for a customer’s repeat business. The same can be said for issuing banks, which must work hard to ensure their cards remain at the top of their customers’ wallets for e-commerce transactions.

Is there a way for merchants and banks to achieve their goals while catering to the demands of their customers? Is it possible to find that all-important balance between strong security and fraud prevention on the one hand, and good user experience on the other?

The answer is yes.

A New Lease on Life

EMV 3-D Secure is a messaging protocol that enables consumers to authenticate themselves with their payment networks when making CNP purchases. The concept isn’t new, but the original version of 3-D Secure — usually referred to as 3-D Secure 1 — was extremely cumbersome. In fact, it so negatively affected consumers’ digital purchasing experiences that it caused a dramatic surge in cart abandonment rates and a dip in transaction volumes.

Much has been done under EMV 3-D Secure (also referred to as 3-D Secure 2) to remedy the situation, including the vital addition of risk-based authentication (RBA). RBA enables the majority of transactions to be authorized using more effective risk-based data modeling that doesn’t require direct consumer interaction. This is a complete game changer in many ways:

• it vastly improves the e-commerce user experience by enabling frictionless checkout;
• cart abandonment is reduced (under 3-D Secure 1, cart abandonment rates soared as high as 15 percent), leading to increased transaction volumes and revenue; and
• CNP fraud stays at the top of the agenda.

Of course, when a transaction is deemed high risk and stepped up, it’s important that the authentication experience isn’t a complete surprise to the cardholder. Luckily, with EMV 3-D Secure, step-up authentication occurs through channels the customer already knows and uses, contributing further to the positive experience.

What’s the Catch?

For RBA to be effective, EMV 3-D Secure allows merchants to share much more data (up to 10 times more) to help issuers better evaluate the risk associated with CNP transactions and improve their authentication models. Four types of data can be shared for this purpose: transaction and consumer data, authentication data, merchant data, and device data.

For issuers, the challenge lies in the vast number of data points they're being sent, and the fact that some are required (or conditional) while others are optional. Additionally, merchants only have to pass on data if they're collecting it, which depends on the type of merchant they are.

Another difficulty facing issuers is that merchants typically don't send all their e-commerce transactions through 3-D Secure — only those that they already view as suspicious or high risk — because the fees are more expensive. This means that the data issuers receive is already skewed, which in turn skews the risk model.

To improve outcomes across the entire ecosystem, merchants need to better understand the value of sending all e-commerce transactions through 3-D Secure. The benefits gained by doing this will overcome the higher costs, for example, by reducing systemwide fraud, false positives, checkout times and cart abandonment.

Mzukisi Rusi is head of technology delivery, North America, Entersekt, an innovator of customer-centric fintech solutions.