CNP fraud: the great American 3-D Secure boom starts now

With card-not-present (CNP) fraud expected to top USD 15.3 billion this year, the adoption of the EMV® 3-D Secure (3DS) protocol in North America is set to explode. But card issuers, banks, and merchants may be wondering: how can we leverage 3DS to deliver a friction-free shopping experience without compromising security?

Consider where we are today. According to new research from Outseer and Aite-Novarica Group, total digital channel commerce will top USD 5.9 trillion by 2023. But while digital-channel sales have hit the stratosphere, so has CNP fraud, which is on track to exceed USD 17.2 billion during that same period.   

With loss from this crime mounting fast, organisations are forced to ask themselves: do we throttle up security and risk losing revenues to false positives and abandoned transactions? Or do we prioritize customer experience (CX) and watch fraudsters make off with our profits? 

The good news: it doesn't have to be this way. In the European Union and other regions around the world, the 3-D Secure protocol from EMVCo has emerged as the gold standard in stemming the rising tide of CNP fraud while actually streamlining the cardholder experience. For North America, that means the writing is already on the wall. 

Coming to America: 3DS adoption or else

At Outseer, we continue to observe rapid growth in 3DS deployment across all geographies. During the first half of 2021, the most significant increases occurred in the UK, where 3DS transaction volumes grew to include nearly half (46%) of all CNP transactions. That's up from just 7% in Q3 2020. 

The Strong Customer Authentication (SCA) mandates in the EU's Second Payment Services Directive (PSD2) are helping to drive increased adoption, of course. But thankfully, governments or payment network mandates in regions like Australia and New Zealand (ANZ) are producing similar trends. 

And it's easy to see why. Solutions leveraging 3DS analyse hundreds of risk indicators to silently authenticate customers before a transaction ever happens. In the largest global study of its kind, the Aite-Novarica Group research found that these solutions prevent more than 85% of all fraud loss while reserving step-up challenges for riskier transactions. 

In North America, this isn't just an incentive to expedite 3DS adoption – it's also a threat. When countries across the globe first upgraded to EMV for card-present transactions, fraud attacks migrated to those where chip cards had not yet been widely deployed. The same pattern is expected to play out with 3DS. For the US and Canada, it already is. 

Keeping fraudsters out in the cold 

According to the FTC, reports of credit card fraud jumped 104% in the US last year, after growing just 27% over the preceding two years combined. CNP fraud represents the vast majority of those cases. And it's getting worse. We estimate US CNP fraud loss will total USD 7.9 billion by the end of 2021 – nearly half the USD 15.3 billion in total CNP loss expected worldwide this year. 

To be fair, 3DS adoption in the Americas has been growing at a rapid clip, just not as fast as in the EU. During the second quarter of 2021, a full 37% of all CNP transactions in the Americas were protected by 3DS, up from just 10% in Q3 2020. 

Yet while admirable, it's still 10% lower than the UK and EU. And that makes US-based CNP transactions more tempting targets for cybercriminal organisations out to weaponise an endless amount of stolen identity and credit card information, especially if the chasm grows.  

But there are also a number of other reasons 3DS is about to catch fire in the US and Canada. 

• issuers and merchants doing business in the EU’s USD 300 billion ecommerce market are exempt from PSD2’s SCA requirements – but that could change on a dime;
• regulatory fervour is spreading fast: Mexico, Australia, and others have also started to adopt SCA mandates;
• even if federal regulators drag their feet, it's just a matter of time before states like California (or even Kansas) enact such standards, too.

3DS adoption is also just smart business. According to Visa Research, up to 72% of online shoppers have abandoned a transaction over security concerns. Not only is 3-D Secure proven to safeguard digital channel purchases, but it has also been shown to reduce checkout times by 85% and cart abandonment by 70%. In addition to increased revenue, fewer false positives and less intervention make for better transaction experiences – and more loyal happier customers. 

Coolest of all: North American issuers, merchants, and others can leverage fully-hosted solutions that prevent up to 95% of fraudulent CNP transactions with only 5% requiring challenges. Given the risks and rewards, the ‘Great American 3-D Secure Boom’ had better get started now. 

About Reed Taussig

About Outseer