Voice of the Industry

Towards an effortless migration from 3DS1 to 3DS2

Tuesday 11 April 2023 10:50 CET | Editor: Irina Ionescu | Voice of the industry

Patrick Drexler, Head of Business Development at Nethone, analyses the new opportunities for merchants arising from adopting 3DS2, which include reduced user friction, higher adoption rates, and fraud-free transactions.

The 3DS1 (3D Secure) authentication protocol was replaced in October 2022 by the more secure 3DS2, with the latest version catering to user-friendly omnichannel experiences for card-not-present (CNP) purchases. But there have been migration stumbling blocks along the way, leading to customer dissatisfaction and ultimately having a negative impact on ecommerce sales.

We have recently seen an increase in the number of declined transactions for global merchants that failed to properly implement 3DS2 because they are still sending some transactions down the path of 3DS1 for processing. Prior to October 2022, this would have resulted in customers having to perform additional authentication steps (such as typing in one-time passwords) before a transaction was processed. This is no longer technically possible, so the transaction is declined immediately, leading to spikes in user frustration, with many customers abandoning transactions altogether.

PSD2 and 3DS2 - similar migration stumbling blocks

Not too long ago, European ecommerce merchants were struggling to prepare for the inevitable introduction of the revised Payment Services Directive (PSD2) and its requirements for Strong Customer Authentication (SCA) measures in the online payments flow. While a European project, it had major global implications for all companies doing business in the European Economic Area (EEA), meaning compliance was a must. Beyond the legal requirements, it also proved beneficial to adopt SCA to bring down fraud rates. But how do businesses avoid frustrating their customers with authentication friction? By learning from the implementation mistakes seen with PSD2.

Online checkout experiences have always been a battleground. Dominating concerns have revolved around how to retain loyal customers, snap up new ones, seal conversions, and, crucially, ensure a positive and frictionless experience throughout the ecommerce shopping cycle - all while trying to stave off fraudsters. Some merchants chose to ignore anti-fraud system recommendations during time-consuming manual reviews in the payment flow, the aim being to reduce checkout friction and avoid causing customer frustration. This approach has only resulted in making a fraudster’s task easier. 

Unfortunately, the process for merchants hasn’t been easy either. Some global merchants have needlessly given themselves an ultimatum: should security and fraud-fighting come before frictionless customer experiences? Never - you can have both at the same time. In Europe, despite implementation delays and merchant fears, PSD2 has proven to be a success, with 3DS2 being a core part of the drive to bring down fraud rates. However, its success depends on the participation of merchants in the process.

Exemptions as a means to bypass authentication - but with strings attached

The striking similarities between implementation stumbling blocks for PSD2 and 3DS2 have often come down to how willing ecommerce merchants are to invest in their IT infrastructure, with many fearing that the additional time and resources required will outstrip their financial means.

Merchants that oversaw efficient technical integration of PSD2/3DS2 reported that bearing the costs of doing so proved more beneficial than simply avoiding it. By keeping fraud rates down, merchants remaining well within fraud thresholds imposed by the major PSPs can enjoy exemptions for low-risk and low-value transactions through risk-based authentication (RBA). This is made possible through the deployment of advanced fraud solutions and the latest IT infrastructure and software.

On the other hand, merchants with a poor track record of going above accepted fraud thresholds will always be required to perform additional authentication steps. And, if they have neglected to upgrade to 3DS2, their confused and frustrated customers will inevitably suffer from immediately declined transactions. The long-term impact can put a dent in any company’s future profitability, let alone the reputational impact and any penalties or fines imposed for failing to keep fraud rates down.

Catch up or get caught out

While 3DS2 is not legally required in the United States, nor many other countries for that matter, merchants have been required to comply with the European Union’s SCA principles based on ‘one leg transactions’. Simply put, any entity doing business in the EEA must comply with PSD2. In a world that is increasingly going mobile, with consumers expecting more from their online experiences than ever before, companies that cannot keep up with compliance and customer expectations risk seeing a fall in custom and user trust, as merchants see their initiated transactions being blocked by issuers.

One important reason companies chose to apply 3DS2 before any regulations required them to do so is that it has a proven track record of cutting down fraud rates - at a time when threat actors deploy increasingly sophisticated techniques. Consequently, being pre-emptive about cybersecurity issues boosts customers’ confidence to share their personal information by creating an account.

It is also important to remember that the United States remains the main target when it comes to stolen credit card details. Therefore, big players in the payment industry wish to effectively combat the risks posed by threat actors. By acting now, companies can make positive steps to not only boost their cybersecurity credentials but also stay ahead of the curve before any new regulations enforce an implementation deadline.

Advanced fraud solutions can ease 3DS2 migration headaches

Pain-free 3DS2 migration is made possible through the effective implementation of AI-powered fraud solutions that use behavioral biometrics and fingerprinting to weed out threat actors across all stages of the customer journey - from registration to use of service and beyond, to post-transaction disputes. Automatic and real-time analyses smooth the online experience for genuine users while putting a stop to any fraudulent activities. To avoid 3DS2 pain points, ecommerce merchants should always seek out anti-fraud providers that have a proven track record with PSD2 implementation.

About Patrick Drexler

Patrick is an accomplished sales and partner manager in the payment and financial industry with 10+ years of experience. Prior to joining Nethone, Patrick managed the partnership department at Paysafecard (for Europe and Asia) and later represented the group in Germany. He is also building and executing the business development strategy for sales and partnership teams to establish an international footprint for Nethone.
About Nethone

Nethone is a machine learning-based fraud prevention SaaS company that enables ecommerce merchants and financial institutions to holistically understand their end-users — also referred to as Know Your Users (KYU). With our proprietary online user profiling and AI-powered tools, we can block all risky users without friction to the good ones by exhaustively screening every single one. Nethone is also part of the MangoPay Group, a pan-European provider of platform payment & wallet infrastructure, to offer enhanced anti-fraud capabilities catered to marketplaces and platforms.
Keywords: digital identity, 3-D Secure, PSD2, online security, digital signature, ecommerce, ecommerce platform, fraud management, fraud detection, online fraud, Card-not-present fraud, identity fraud, payment fraud, CNP fraud, transaction fraud, compliance, cybercrime, cybersecurity, omnichannel, online authentication, multi-factor authentication, two-factor authentication
Categories: Fraud & Financial Crime
Companies: Nethone
Countries: Europe, United States