Staying compliant and using 3DS Exemptions effectively to minimise friction for your customers

Wednesday 8 June 2022 09:34 CET | Editor: Irina Ionescu | Interview

Roger Burkhardt, Senior Product Manager at Netcetera, provides best practices on how to stay compliant and use 3-D Secure exemptions effectively to minimise friction for your customers.

Exemptions help reduce any friction that SCA may bring to the consumer’s journey. However, merchants don’t always flag out these types of transactions correctly, or they fail to respond to a soft decline, and the issuer doesn’t recognise the exemption. Who can support them in this matter and how?

Netcetera supports merchants and card issuers in the correct application of SCA exemptions with certified 3-DSecure test environments. In August 2020, Netcetera launched a 3-D Secure testing platform together with Mastercard to help merchants prepare for EMV 3DS 2.x requirements and the Mastercard Identity Check programme. The testing platform is based on Netcetera’s proven 3-D Secure Access Control Server and is certified to the latest 3DS 2.2 standard. Merchants now can perform real-time tests including the use of SCA exemptions to improve frictionless consumer experience. Whoever is interested in registering for the 3DS Testing Platform, should check out this page.

The reliability and safety associated with the merchant testing platform launched in August 2020 have led to the extension of the existing partnership with Mastercard for the development of a new 3-D Secure testing platform for issuers. In July 2021, Netcetera launched a new testing platform for card issuers, helping them to end-to-end test the app-based authentication flow. Issuers can register on the platform and use Netcetera’s acquiring services to initiate app-based 3-D Secure transactions and address any problems before operating in a live environment.

When the issuer rejects the exemption requests from the acquirer, what would be the next step?

If the issuer rejects a request for an acquirer exemption in authorisation, the merchant may not send the transaction for approval a second time with a different acquirer exemption. After the soft decline, the merchant must send the transaction first to 3-DSecure authentication and then resubmit the transaction for authorisation. For successful authentication, the issuer may still apply an exemption or perform the cardholder authentication.

Sometimes, hard and soft declines are not related to technical issues but less tech-savvy consumers that are essentially not familiar with digital payments. How can this problem be tackled? 

The merchants and the issuers should offer the consumer a payment process that is simple and as little error-prone as possible. This already starts with the entry of possibly incorrect card data by the consumer. To counteract this problem, the merchant can store the consumer’s card data on the merchant side in a customer account (card-on-file). Another alternative to prevent false card data entries is to offer payments via digital wallets. Not less important is that issuers offer their cardholders simple 3-D Secure authentication procedures that are understandable and easy to use.

Since exemptions can’t be applied in all instances, what methodologies for authenticating cardholders do you recommend that are both SCA compliant and seamless?

In order to provide the cardholder with a seamless and integrated payment experience, Netcetera recommends card issuers to integrate 3-D Secure authentication directly into the issuer mobile app. With an integrated secure app solution, the cardholder confirms the transaction with only a single click in the mobile app. To comply with the requirements for strong customer authentication according to PSD2, the app can be combined easily with biometric identification (fingerprint, face-scan) as a second authentication factor.

Another convenient and SCA compliant authentication method is to use dynamic passwords (one-time passcodes) in combination with a knowledge factor. The delivery of the dynamic password to the cardholder is usually done via SMS but can also be done through other channels such as email or via e-banking.

For consumers who do not have a mobile device, there is a new possibility to authenticate online payments based on the FIDO technology. The users register a FIDO token via a 3-D Secure enrollment page. The token is then linked to the credit card and can easily be used to approve online payments conveniently and securely.

How does Netcetera help increasing knowledge growth for all players – merchants, issuers, acquirers – when it comes to correctly apply exemptions and what solutions does the company have in this matter?

Built on 18 years of experience, Netcetera offers a comprehensive 3-D Secure product portfolio to best support card issuers, acquirers, and merchants. This includes:

  • 3-D Secure ACS

  • 3-D Secure Server

  • 3-D Secure SDK

  • 3-D Secure MPI

  • 3-D Secure Exemption Advisor.

Netcetera’s 3-D Secure products support all SCA exemptions according to PSD2, whereby exemptions can be combined and configured individually according to customer requirements. Netcetera advises all its customers on the integration of the 3-D Secure products and helps finding the best product configuration. As an EMVCo Associate, Netcetera has been working closely with the major card schemes for many years and was involved in the correct definition and specification of the exemptions. Read more and check out our upcoming webinars here:

This interview is part of The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.

About Roger Burkhardt

As Product Manager at Netcetera, Roger has been responsible for products for issuers, acquirers, and PSPs from 2017 to 2020. Since 2021, he is part of Netcetera’s Incubation Team to support a diverse but complementary product portfolio within the Secure Digital Payment Division, in line with the company’s growth strategy.

About Netcetera

Netcetera is a global software company with cutting-edge IT products and individual digital solutions. More than 2,000 banks and issuers, and 150,000 merchants rely on their digital payment solutions and globally certified 3-D Secure products. Founded in 1996, Netcetera has 800 employees across Europe, Asia, and the Middle East.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: fraud detection, fraud management, 3-D Secure, fraud prevention, online fraud
Categories: Fraud & Financial Crime
Companies: Netcetera
Countries: World
This article is part of category

Fraud & Financial Crime


Discover all the Company news on Netcetera and other articles related to Netcetera in The Paypers News, Reports, and insights on the payments and fintech industry: