4 ways merchants can prepare for a global 3DS2
In eCommerce, sales aren’t limited by region. So it’s no surprise that businesses are eager to bring in revenue from beyond their borders. But digital fraud is growing along with eCommerce. To combat the problem, different regions and card brands have created new fraud regulations and technologies. 3D Secure 2.0 (3DS2) is the latest — and largest — fraud prevention technology.
In brief, 3DS2 is a global technology protocol that protects online payments. The major card brands developed the protocol to reduce fraud at checkout. 3DS2 allows businesses to provide strong customer authentication (SCA). And to use 3DS2, merchants must ensure that their payment process works with the protocol. When they use 3DS2, merchants benefit from a liability shift in which they’re not responsible for some fraudulent purchases.
Many merchants assume that 3DS2 only applies in Europe. And it’s true that the European Union began to enforce merchant compliance in January 2021. But the adoption of 3DS2 in the EU should put merchants around the world on notice.
Keep reading to learn how 3DS2 is likely to spread, why it will impact merchants, and how they can prepare.
3D Secure 2.0 and Kount: How a layered solution expands protection and reduces friction
3DS2 requirements will extend beyond Europe
In 2015, the EU passed the second Payment Services Directive (PSD2). The regulation overhauled payment security and took years to implement. Now, merchants are experiencing the full effects: EU merchants must use 3DS2 or face fines. And companies outside of Europe need to protect transactions in the EU with SCA.
“Because this is already a global solution, the trend is that more and more areas are putting it in place,” said Sean Desruisseaux, Kount’s Director of Product, at Kount’s Fall 2020 Digital Protection Summit.
Already, regions beyond the EU are beginning to adopt 3DS2. In some countries, such as Canada, governments have regulated compliance. In other regions, processors may offer a discount to merchants that use 3DS2. And those incentives may become penalties.
“North America may not start fining for non-use,” said Marta Rzeszowska, Moneris Director of Portfolio Product Management, Payments, and Retail Solutions, also speaking at the Summit. “But loss of liability shift will mean higher costs to merchants.”
Potential pitfalls of the 3DS2 protocol
3DS2 is an excellent tool. By implementing the protocol, merchants can reduce fraud liability at the point of payment. This means fewer chargebacks and less inventory lost to fraud. But 3DS2 comes with some important caveats. Merchants that aren’t careful can still lose money and customers.
It creates friction for customers. 3DS2 authentication takes time. Plus, the process isn’t always seamless. To authenticate users, 3DS2 requires two types of evidence: something the user knows (e.g., a password) and something they possess (e.g., an SMS text). Users who have already authenticated on the website can become frustrated. Among customers who abandon an online shopping cart due to friction, 59% are less likely to shop with that retailer again, according to a 2019 451 Research survey.
It costs money. Merchants must pay every time they authenticate a transaction with 3DS2. While the cost of the service may be less than fraud, those costs add up over thousands — or tens of thousands — of transactions.
It doesn’t reduce fraud rates. 3DS2 is great at stopping fraud at the point of payment. But it doesn’t reduce fraud rates. If a merchant continues to send too many fraudulent transactions to 3DS2, its fraud rate will increase. Merchants could be placed in a fraud program, see their decline rates increase, or pay higher processing fees.
It only protects the point of payment. Along the customer journey, users may create a new account, sign up for a rewards account, redeem gift cards, and more. 3DS2 doesn’t protect those interactions. Plus, 3DS2 can’t stop friendly fraud: accidental or intentional fraud by a legitimate customer.
4 ways to prepare for 3DS2 now
3DS2 may not be a mandate in your region yet. But that’s no reason to delay your preparations. With a little legwork, merchants can take advantage of the benefits that 3DS2 offers and avoid the pitfalls.
1. Check your local 3DS2 implementation timeline
Will regulations, penalties, fines, or incentives apply to your business? It depends. Each region operates differently. Acquirers and processors may have unique deadlines, as do major card networks.
For example, the EU began to enforce SCA and 3DS2 with fines at the beginning of 2020. In Canada, the deadline is 2021. And in the U.S., there is no current deadline. However, merchants that don’t comply may see higher decline rates and lose the liability shift. Merchants should contact their payment processors to learn more about rules and deadlines.
2. Reduce fraud before payment and stop friendly fraud
To keep fraud rates down, merchants can identify fraud earlier in the customer journey, before they send transactions to 3DS2. Fraud prevention tools that work in the background can prevent fraudulent accounts. They can also detect account takeover and card testing — all behaviors that can lead to fraudulent payments.
Businesses can also use fraud prevention tools to stop friendly fraud. In friendly fraud, a transaction may look legitimate, but the customer may have a long history of return or policy abuse. 3DS2 can’t catch this kind of fraud. But fraud prevention with access to global identity trust data across verticals and geographies can help reduce friendly fraud and the resulting chargebacks.
3. Distribute friction across the customer journey
In today’s eCommerce, fast shopping is essential. And when merchants remove friction at every step, they’re more likely to earn sales and repeat business. Too much friction at any point — like checkout — can frustrate customers. By layering fraud prevention across the customer journey, businesses can prevent those experiences.
Merchants that depend on 3DS2 for fraud prevention can increase friction at payment. But consider this alternative: When a customer signs in to their account, the merchant’s fraud solution analyzes the email address and device for signs of fraud. As the customer continues to shop, the solution monitors their actions. Do they add items too quickly? Do their movements seem human? What types of items and quantities are they purchasing? It all goes into the analysis.
If the solution suspects fraud, it stops the transaction. If it doesn’t, the customer places a purchase without a 3DS2 challenge. And the merchant gets what it wants: fraud protection and frictionless customer experiences.
4. Implement 3DS2 to use exemptions and avoid declines
Prepare your fraud prevention strategy to use available exemptions. In the EU, even if transactions require SCA, merchants can take advantage of exemptions. These exemptions, called “transaction risk analysis” (TRA) exemptions, let merchants bypass SCA compliance requirements. Merchants that implement a robust fraud screening can skip SCA and reduce friction.
But TRA exemptions aren’t available to every merchant. In addition to the robust fraud screening requirement, merchants need to keep their fraud rates at specific thresholds. If they don’t, they lose the exemption.
Perhaps, most importantly, businesses can adopt 3DS2 early to increase sales. How? Because even if 3DS2 isn’t mandated, processors want the protection. They may decline more transactions for merchants that don’t use 3DS2.
How to use Kount to prepare for 3DS2
Kount’s AI-driven fraud prevention platform meets the requirements for real-time risk analysis, so merchants may be able to take advantage of available TRA exemptions. Plus, Kount can compliment existing 3DS2 solutions by determining when to use 3DS2 authentication.
With Kount, businesses can use 3DS2 only when they need it. The result is a lower fraud rate and fewer expenses. Kount’s platform-level approach also protects the entire customer journey. With protection against account takeover, bots, and friendly fraud, businesses can solve any fraud problem. And layered protection means less friction and more revenue.
Businesses that use Kount can also customize their protection and risk tolerance. They can control the customer experience and reduce fraud at the same time. Kount automates decisions based on billions of identity data points from its Identity Trust Global NetworkTM, providing unmatched accuracy.
Kount can help any business prepare for 3DS2 regulations, reduce cart abandonment, stop fraud, and prepare for global growth.