3 common beliefs about fraud fighting and 3-D Secure

Amongst the preeminent tools in the fight against fraud, 3-D Secure (3DS) is at the forefront. The famous security protocol, developed by Visa, Mastercard and AmEx (SafeKey), reinforces the authentication of customers paying online. 

But this additional step in the purchase funnel still impacts conversion from 10% to 15% on average (Be2bill’s internal study). So let us sort out facts from misconceptions about fraud and 3DS.

Belief #1: Applying 3DS on the most expensive carts is the key to avoid the biggest frauds

TRUE & FALSE

High-amount carts are vital for merchants. Nevertheless, there are more subtle and appropriate methods to use 3DS against fraud, and avoid conversion mitigation at the same time.

With a pragmatic approach, based on data collection and analysis, fraudulent transactions can be tackled and false positives avoided.

Important criteria, that have to be crossed with the amount of the carts, include: velocity (several transactions conducted in a short time in remote areas), delivery address, type of products, e-reputation, etc. Every signal leading to an anomaly compared to usual purchase behaviour has to be detected. These anomalies reveal risky profiles.

Belief #2: 3DS eliminates every chargeback and fraud 

FALSE

A successful 3DS authentication doesn’t necessarily mean that the transaction will never be chargebacked:

• Business cards often don’t lead to the liability shift normally induced by 3DS - chargebacks can occur, and the merchant won’t be protected.

• Identity theft remains possible: fraudsters steal the card credentials as well as the phone number. They ask the operator for a new SIM card, so they can directly receive the texts on their phone and make purchases with 3DS authentication. The victims suffer on two fronts: stolen money on their banking account, and a phone that doesn’t work anymore! And this type of fraud is growing significantly.

It is also important to note that some cards are not enrolled in the 3DS system. In that case, there are some ways to block transactions or to tag them for manual review by the merchant.

Belief #3: A good configuration of my 3DS is protecting me for 6 months

FALSE

It is, in fact, wise to change the settings of the 3DS protocol based on several indicators:

• Seasonality, especially during sales, when amounts of purchases skyrocket

• Chargeback reviews, which can lead the merchant to adopt a continuous improvement approach: analysis, implementation, adjustment of the transaction criteria.

The most important thing to remember is that fraud is constantly changing. Fraudsters are continuously making tests and they adapt their methods if the rules are simple. If the rule is based on cart amounts, fraudsters will easily discover and multiply purchases with an amount just under the threshold that triggers 3DS.

For the best ratio between prevention and conversion, Be2bill’s prevention tools have a risk-based and pragmatic approach:

• Smart 3DS: In 2012, Be2bill was one of the first payment solution to provide a tool for merchants that triggers 3DS with a selective approach (“Smart 3DS”). In a rule engine, banking and merchants’ data are analysed all together: cart content, client segmentation, velocity, etc. This risk-based approach had good results, with an average 3DS triggering rate of 15%, and a fraud rate of 0.2%. 

• Machine Learning: In the last months, Be2bill launched an innovative programme using Machine Learning to reduce 3-D Secure triggering rate, while confining chargebacks. The tests showed improved results as 3-D Secure trigger volume reached ~4% (vs ~15%) using Smart3DS. Chargebacks’ volume was also reduced by 4% in some traffic classifications. By using machine learning technology, the programme enables transactions analysis automation, without any prior rules’ definition. 

About Thibaut Faurès Fustel de Coulanges: 

After a long career in Banking and Marketing Services, Thibaut launched Be2bill in 2012. Be2bill has a strong growth and now processes more than EUR 2 billion for 2,500 merchants in all sectors (Retail, Travel, Gaming, Gambling, etc). Since March 2016, Thibaut has been CEO of Dalenys.

 About Be2Bill: 

Be2bill is a card payment solution by Dalenys, authorised as Payment Institution by Banque de France and associate member of GIE Cartes Bancaires. As an acquiring bank, a PSP and a business expert, Be2bill is helping Tier 1 merchants in their omnichannel strategy by increasing conversion rates while preventing fraud more efficiently.