The 3DS1 (3D Secure authentication protocol) was replaced in October 2022 with a safer and more secure 3DS2, with the latest version catering to user-friendly omnichannel experiences for card-not-present (CNP) purchases. But there have been migration stumbling blocks along the way, leading to customer dissatisfaction, ultimately having a negative impact on ecommerce sales.
We have recently seen an increase in the number of declined transactions for global merchants that failed to properly implement 3DS2 because they are still sending some transactions down the path of 3DS1 for processing. Prior to October 2022, this would have resulted in customers having to perform additional authentication steps (such as typing in one-time passwords) before a transaction was processed. This is no longer technically possible, leading to an immediate decline, leading to spikes in user frustration, with many customers abandoning transactions altogether.
Not too long ago, European ecommerce merchants were struggling to prepare for the inevitable introduction of the revised payments services directive (PSD2) and its requirements for Strong Customer Authentication (SCA) measures in the online payments flow. While a European project, it had major global implications for all companies doing business in the European Economic Area (EEA), meaning compliance was a must. Beyond the legal requirements, it also proved beneficial to adopt SCA to bring down fraud rates. But how do businesses avoid frustrating their customers with authentication friction? By learning from the implementation mistakes seen with PSD2.
Online checkout experiences have always been a battleground. Dominating concerns have revolved around how to retain loyal customers, snap up new ones, seal conversions, and, crucially, ensure a positive and frictionless experience throughout the ecommerce shopping cycle - all while trying to stave off fraudsters. Some merchants chose to ignore anti-fraud system recommendations during time-consuming manual reviews in the payment flow, the aim being to reduce checkout friction and avoid causing customer frustration. This approach has only resulted in making a fraudster’s task easier.
The striking similarities between implementation stumbling blocks for PSD2 and 3DS2 have often been down to the willingness of ecommerce merchants to invest in their IT infrastructure, fearing that the additional time and resources required will outstrip their financial means.
The bonus to merchants that oversaw efficient technical integration of PSD2/3DS2 reported that the costs of doing so proved more beneficial than simply avoiding it. By keeping fraud rates down, merchants remaining well within fraud thresholds imposed by the major PSPs can enjoy exemptions to low-risk and low-value transactions through risk-based authentication (RBA). This is made possible through the deployment of advanced fraud solutions and the latest IT infrastructure and software.
While 3DS2 is not legally required in the United States, nor many other countries for that matter, merchants have been required to comply with the European Union’s SCA principles based on ‘one leg transactions’. Simply put, any entity doing business in the EEA must comply with PSD2. In a world that is increasingly going mobile and consumers expecting more from their online experiences than ever before, companies that cannot keep up with compliance and customer expectations risk seeing a fall in custom and user trust, as merchants see their initiated transactions being blocked by issuers.
One important reason companies chose to apply 3DS2 before any regulations required them to do so is that it has a proven track record of cutting down fraud rates - at a time when cybersecurity and threat actors deploy increasingly sophisticated techniques. Consequently, being preemptive with cybersecurity issues boosts customers’ confidence to share their personal information by creating an account.
It is also important to remember that the United States remains the main target when it comes to stolen credit card details. Therefore, big players in the payment industry wish to effectively combat the risks posed by threat actors. By acting now, companies can make positive steps to not only boost their cybersecurity credentials but also stay ahead of the curve before any new regulations enforce an implementation deadline.
Pain-free 3DS2 migration is made possible through the effective implementation of AI-powered fraud solutions that use behavioral biometrics and fingerprinting to weed out threat actors across all stages of the customer journey - from registration to use of service and beyond, to post-transaction disputes. Automatic and real-time analyses smoothen the online experience for genuine users while putting a stop to any fraudulent activities. To avoid 3DS2 pain points, ecommerce merchants should always seek out anti-fraud providers that have a proven track record with PSD2 implementation.
Patrick is an accomplished sales and partner manager in the payment and financial industry with 10+ years of experience. Prior to joining Nethone, Patrick managed the partnership department at Paysafecard (for Europe and Asia) and later represented the group in Germany. He is also building and executing the business development strategy for sales and partnership teams to establish an international footprint for Nethone.
Nethone is a machine learning-based fraud prevention SaaS company that enables ecommerce merchants and financial institutions to holistically understand their end-users — also referred to as Know Your Users (KYU). With our proprietary online user profiling and AI-powered tools, we can block all risky users without friction to the good ones by exhaustively screening every single one. Nethone is also part of the MangoPay Group, a pan-European provider of platform payment & wallet infrastructure, to offer enhanced anti-fraud capabilities catered to marketplaces and platforms.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now