Our data scientists sourced internal 3-D Secure and other transaction performance data to calculate average rates in 37 countries from across the world. We have also surveyed 1457 merchants on their attitudes and concerns around payments authentication, Secure Customer Authentication (SCA) regulation, and payment fraud. Providing a comprehensive picture of the online payments landscape, the Global Payments Report 2025: Regulation, Authentication, Security was released in October 2024.
Globally, the average 3DS success rate stands at 79%. As one would expect, thanks to PSD2 SCA mandates, Europe is higher than North America with 82% and 61% respectively. The UK tops both the 3DS success rate and challenge success rate charts across the 37 countries examined. However, its frictionless authentication rate is low, at 61%.
We have seen that the global average for frictionless is equally disappointing, sitting at 64%. Are merchants utilising frictionless authentication to its full potential?
There might be numerous missed opportunities. For example, 28% of our surveyed merchants claimed they do not use SCA exemptions during their 3DS flows, despite the majority expressing concerns about the potentially negative impact authentication challenges have on conversion rates.
Merchants have plenty to benefit from developing a deeper understanding of authentication, regulation, and payment flows. This can empower them to deliver frictionless and seamless shopping experiences to most of their shoppers.
It may look like a difficult balancing act between satisfying the expectations of regulators, card schemes, and customers, but a good 3-D Secure provider working merchant-side can be instrumental in making that happen.
At the very least, your 3DS provider should be telling you:
What’s working
Why it’s working
How it’s working
What’s not working
Why it’s not working
What can be improved
Based on this information, you can apply interventions to improve authentication flows. The result is dynamic 3-D Secure, which rewards good customers with frictionless authentication and only applies it when the intentions of the shopper are not entirely known.
What can merchants do to avoid disruption and friction while remaining compliant?
Evaluate the impact on your payment landscape
Try to understand how the new legislation will impact your business. What percentage of payment methods do you have where SCA may be required? Do you have a 3DS provider and do they operate in the region you are looking at? Know your markets
It’s good to learn lessons from other countries, as a merchant or PSP, if you want to get ahead. For example, in Belgium, card was not as popular a payment method prior to the implementation of PSD2 SCA. As a result, more transactions than expected failed because merchants had not prioritised conducting SCA. Share your data – but also take heed
Data visibility is not just important – it can be beneficial and help you identify the advantages against your competitors. You shouldn’t just enforce regulations but use them to your advantage by sharing data with your acquirers, 3DS providers, and issuers.
However, you still need to be careful who you share your data with. Make sure there are benefits to you before you do it, and keep in mind any data minimisation obligations – under GDPR for example. Learn from 3DS data
Data sharing should be reciprocal. The idea is not just to share your data but, where possible, to make full use of the data you receive back to create a positive feedback loop that feeds into your own fraud decisioning, as well as powers future 3DS-related decisions. There’s resilience in optionality
Having multiple payment providers can generate new possibilities for smoother transactions. Do not choose just one PSP – a certain provider might have better support in one area, and another at certain times of the week. Consider multiple providers, and even orchestration to simplify the choice.
A proactive 3-D Secure partner such as Ravelin can work with you to ensure that you are both compliant with SCA mandates and that you are fully leveraging the data exchanged over 3-D Secure servers. Knowing your customers and their payments is key to optimise your system and, ultimately, sell more.
Martin Sweeney is the CEO of Ravelin, an AI-native company that prevents fraud and optimises payments for online businesses around the globe. With a background in software engineering and physics, he believes in harnessing the power of technology to solve real-world problems. Martin co-founded Ravelin to put cutting-edge technology to good use in the fight against fraud.
Aiming to power their secure growth, Ravelin provides technology and support to help online businesses prevent evolving fraud threats and accept payments with confidence. Combining machine learning, graph networks, behavioural analysis, and expert rules, Ravelin is an AI-native fraud prevention company that helps businesses draw deeper insights from their customer data to detect fraud, account takeover and promotion abuse, and increase payment acceptance. www.ravelin.com.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now