The upside of 3DS 2 implemented well? 5%+ more revenue

Although Europe’s revised Payments Services Directive (PSD2) went into effect in September of 2019, the deadline for enforcement of strong customer authentication (SCA) has since been extended, once across Europe as a whole and twice in the UK. These delays are the result of persistent lobbying from merchants and the payments community who feel that SCA will cause them to lose customers in a time when many are hurting from the economic consequences of COVID-19.

This sentiment is not surprising or unwarranted. By Visa’s estimations, SCA could lead to a 30% increase in cart abandonment due to the barriers and friction it places at checkout. And Signifyd’s testing shows the legacy SCA protocol – 3DS 1 – can add 15 seconds or more to the checkout process, a lifetime in ecommerce.

Sentiments aside, beginning January of 2021 European merchants will have to face the music once and for all when SCA compliance becomes mandated. For those who have already implemented 3DS 1, it may be tempting to ignore the looming deadline given the legacy protocol’s compliance with PSD2. However, there is a business case to be made for upgrading to 3DS 2 – get it right and you could be looking at as much as a 6% lift in revenue AND a built in leg up on competitors who don’t.

3DS 1 vs 3DS 2 – What’s the difference?

The 3DS 1 protocol was established back in 2001. At the time, many merchants were unable to process Card-Not-Present (CNP) payments because of the increase in fraud pressure it presented and payment processors' unwillingness to work with risky businesses.

Following 3DS 1, every transaction must be authenticated regardless of risk level. In practice, this means redirecting consumers to a new window in order for them to manually provide additional identity-verifying information – usually in the form of a one-time passcode. In tandem with the roll out of PSD2, EMVCo was commissioned to develop the new and improved 3DS 2 protocol. 3DS 2 comes with a couple of key updates, the biggest being that it differentiates between high and low risk transactions and allows for a number of SCA exemptions based on perceived risk.

3DS 2 is a language that can be spoken well – or not

A recent Visa study tied 3DS 2 implementation to a 70% decrease in cart abandonment and 85% reduction in transaction time. However, it’s not simply implementing the protocol that yields these results; rather, the most successful deployments optimise exemptions and minimise authentication step-ups.

There are two components of a strong payments compliance strategy in particular that merchants will need to get right: Transaction Risk Analysis (TRA) and Intelligent Routing. TRA is a process for assessing the risk of a purchase prior to authorisation by the payment processor. Ability to perform this – and perform it well – requires insight into a consumer’s shopping behavior and past transactional data, which can be next to impossible if a consumer is new to a merchant.

Signifyd’s approach to TRA is predicated on our Commerce Network which includes transactional data from tens of thousands of merchants around the globe. This comprehensive dataset means that 98% of orders sent to Signifyd for review are placed by consumers we’ve seen before and, combined with our machine learning algorithms, allows us to instantly identify fraudulent orders pre-authorisation.

If TRA determines a transaction is low risk, and the merchant has demonstrated a low rate of fraud over time, an exemption can (and should) be requested. Here, again, Signifyd technology comes into play to help us intelligently route orders down the path of least resistance - in this case, one in which no authorisation step-ups are required at all.

But what if exemption qualifications are not met? Are all SCA-bound transactions doomed to poor customer experience and high cart abandonment? Not if authorisation step-ups are performed dynamically, opting for the most seamless route at every stage.

Performing SCA seamlessly gives you a built-in competitive advantage

How you execute SCA has the power to make or break your customer experience. According to PSD2 regulation, if a step-up is required, a customer must verify their identity in two of three ways: with something only they know (ie. a password), with something they possess (ie. a device), and with something inherent to them (ie. a fingerprint or keystrokes). Partnering with a 3DS 2.2 vendor who can perform these additional layers of authentication discreetly, without the consumer lifting a finger, is an essential component of seamless SCA.

Signifyd’s aptly named Payments Compliance solution, Seamless SCA, allows merchants to passively conduct SCA while customers shop on their site, measuring device token information to satisfy the possession element and behavioral and biometric information to satisfy the inherence element. Our built-in 3DS 2.2 capabilities ensure that a merchant’s payment provider and the cardholder’s issuing banks receive the information necessary to authenticate the transaction.

The results are dramatic. After replacing their legacy 3DS 1 implementation, Signifyd customer Emma Mattress recovered an additional 6.4% in revenue thanks to a higher order approval rate and lower incidences of cart abandonment.

The case for 3DS 2 implemented well boils down to a competitive advantage for consumers’ business and the brand loyalty that brings them back for more. Conversely, what’s at risk with remaining on 3DS 1 is even more revenue leakage as customers flock toward competitor sites that offer a more enjoyable shopping experience.

This editorial was published in the Fraud Prevention in Ecommerce Report 2020/2021, the go-to source in securing transactions while offering a frictionless customer journey.

About Ed Whitehead

Ed Whitehead is the Managing Director, Europe, for Signifyd, where he leads
a team dedicated to the expansion and support of Signifyd’s European client base. Prior to joining Signifyd, Ed worked at Gigya, SAP and Experian accumulating extensive knowledge across data and legislation in identity, fraud, ecommerce, and customer experience.

About Signifyd

Signifyd empowers fearless commerce by providing an end-to-end Commerce Protection Platform that protects merchants from fraud, consumer abuse, and revenue loss caused by friction in the buying experience.