November 13, 2018
3D Secure 2.0: A Paradigm Shift
Posted July 3, 2018
As ThreatMetrix launches a new 3D Secure 2.0 solution, we look at how we can help organizations make this shift a success.
As mobile and online payments continue to boom, they are increasingly targeted by fraudsters all over the globe. Today, card-not present fraud consumes more than 7% of retailers’ total annual revenues according to Javelin Strategy. And our own data from the ThreatMetrix Digital Identity Network last quarter found a whopping 88% year-on-year increase in attacks on the eCommerce sector.
3D Secure has been a vital tool in the fight against fraud for merchants and card issuers. First deployed by Visa in the early 2000s, 3DS was intended to reduce fraud and increase consumer confidence by replicating the level of security of a card-present transaction in digital channels through real-time customer authentication.
Of course, a lot changed over the following 15 years—including consumer shopping habits and the adoption of mobile as the go-to way to browse and place purchases. The issues with 3DS have been well documented – primarily that it introduced too much friction into the shopping experience and was not fit-for-purpose for mobile transactions.
At ThreatMetrix, we passionately believe that the onus should not be on the consumer to jump through hoops to prove who they are. Most customers are genuine and should be allowed to transact freely and easily: it is up to the merchants, card issuers and their providers to provide a secure way to do this. As a default, fraud and risk profiling should be invisible to the consumer, with only high-risk transactions requiring additional user intervention.
Introducing eCommerce 2.0
3DS 2.0 has been introduced to address the shortcomings of 3DS 1.0 in the modern eCommerce landscape – looking to help secure payments while offering an improved user experience during the checkout process.
3DS 2.0 is a major step forward because it:
- Enhances the consumer experience by eliminating the tedious sign-up process while shopping through the pop-up screen
- Supports an exchange of additional data during transactions to enable risk-based decisions
- Supports a wider set of devices including mobile phones and other consumer connected devices
This represents a huge paradigm shift from the earlier protocols, as it enables the merchants to integrate the authentication process into their checkout experiences. Issuing banks can authorize payments using richer data in order to make more informed decisions, with no additional steps required by consumers. It also enables a low-friction customer authentication process for non-payment transactions such as verifying identities when signing up for a mobile wallet.
But word to the wise: Making consistent and accurate risk decisions like this at lightning speed requires access to holistic, global and relevant data. And that’s where we come in.
Enter: Enhanced Risk Decisioning
As part of our Summer ’18 Release, ThreatMetrix has launched a new risk engine API specifically designed to support 3DS 2.0 environments, enhancing risk-based decisions for card-not-present transactions.
We can work with the issuing banks, Access Control Server (ACS) providers, and the merchants themselves on transaction risk-scoring, enabling them to make a risk-based decision with confidence.
At the heart of this solution is our ability to correlate information from a consumer’s real-time transactions with historical data from the Digital Identity Network, enabling informed payment authorization decisions with no additional user input—even if it’s the first time the user has interacted with 3DS 2.0.
ThreatMetrix was recognized in the latest Forrester WaveTM for Risk-Based Authentication as the only vendor in the ‘Leader’ category, with the report stating that “ThreatMetrix leads the pack”. Our deep expertise in this area means we are best-placed to help organizations make the transition to 3DS 2.0.
Anyone looking to work with ThreatMetrix on 3DS 2.0 will benefit from:
- Our unparalleled network, which analyzes 110+ million daily transactions
- A privacy-by-design approach that solves the challenge of understanding true digital identity while protecting privacy
- An integrated approach to authentication that flexibly incorporates and leverages real-time event data, historical behavior and third-party signals
In short: The checkout process goes from onerous to effortless, with richer insights to make decisions. In fact, we’re already working with leading card networks, payment processors, merchants and many other global businesses looking to get a head start with 3DS 2.0.
To read more about our latest product release see our press release, “ThreatMetrix Summer ’18 Release Extends Product Offerings to Support 3DS 2.0 Risk Decisions and Adds Champion Challenger Capability”