4 ways merchants can prepare for global 3DS2 protocols
E-commerce doesn’t limit sales by region, so it’s no surprise that businesses are eager to bring in revenue beyond their borders. But digital fraud is growing along with e-commerce.
So different regions and card brands have created new fraud regulations and technologies to combat the problem. 3D Secure 2.0 (3DS2) is the latest — and largest — fraud prevention technology.
3DS2 is a global technology protocol that protects online payments. Major card brands developed the protocol to reduce fraud at checkout. 3DS2 allows businesses to provide strong customer authentication (SCA), but merchants must ensure that their payment process works with the protocol.
When they use 3DS2, merchants can benefit from a liability shift in which they’re not responsible for some fraudulent purchases.
Many merchants assume that 3DS2 only applies in Europe. But the European Union will begin to enforce SCA compliance in March 2022. But the adoption of 3DS2 in the EU should put merchants around the world on notice.
3DS2 requirements will extend beyond Europe
In 2015, the EU passed the second Payment Services Directive (PSD2). The regulation overhauled payment security and took years to implement. Now, merchants are experiencing the full effects: EU merchants must use 3DS2 or face fines. And companies outside of Europe need to protect EU transactions with SCA.
Already, regions beyond the EU are beginning to adopt 3DS2. In some countries, such as Canada, the government has regulated compliance. In other regions, processors may offer a discount to merchants that use 3DS2. And those incentives may become penalties.
“North America may not start fining for non-use,” said Marta Rzeszowska, Moneris Director of Portfolio Product Management, Payments, and Retail Solutions, at Kount’s Fall 2020 Digital Protection Summit. “But the loss of liability shift will mean higher cost to merchants.”
Potential pitfalls of the 3DS2 protocol
By implementing the 3DS2 protocol, merchants can reduce fraud liability at the point of payment. As a result, they can experience fewer chargebacks and lose less inventory to fraud. But 3DS2 comes with some important caveats. Merchants that aren’t careful can still lose money and customers.
It creates customer friction: 3DS2 authentication takes time, and it isn’t always seamless. For example, to authenticate users, 3DS2 requires two types of evidence: something the user knows (e.g., a password) and something they possess (e.g., an SMS text).
Users who have already authenticated on the website can become frustrated. Among customers who abandon online shopping carts due to friction, 59% are less likely to shop with that retailer again, according to a 2019 451 Research survey.
It costs money: Merchants must pay every time they authenticate a transaction with 3DS2. While the service cost may be less than fraud, those costs add up as transaction volumes increase. That makes the protocol all the more expensive during peak seasons.
It only protects the point of payment: Bad actors can commit fraud across the customer journey, not just at checkout. For example, they may commit new account fraud or attempt an account takeover attack. 3DS2 doesn’t protect against those activities, nor does it accidental or intentional friendly fraud.
How to prepare for global 3DS2 protocols
3DS2 may not be a mandate in your region yet. But that’s no reason to delay your preparations. With some legwork, merchants can take advantage of the benefits that 3DS2 offers and avoid the pitfalls.
1. Check your local 3DS2 implementation timeline
Will regulations, penalties, fines, or incentives apply to your business? It depends. Each region operates differently. Acquirers, processors, and major card networks may have unique deadlines. For example, the EU began to enforce SCA and 3DS2 with fines at the beginning of 2020.
In Canada, the deadline was 2021. And there is no current deadline in the U.S. However, merchants that don’t comply may see higher decline rates and lose the liability shift. Merchants should contact their payment processors to learn more about rules and deadlines.
2. Reduce fraud pre-authorization and stop disputes from friendly fraud
To keep fraud rates down, merchants can identify fraud earlier in the customer journey before sending transactions to 3DS2. An AI-driven fraud prevention solution can prevent malicious activity across the customer journey.
Meanwhile, a dispute and chargeback management solution can help them stop friendly fraud. With friendly fraud, a transaction may look legitimate, but the customer may have a long history of return or policy abuse. 3DS2 can’t catch this kind of activity. The right solution can tell merchants about customer disputes as soon as they happen, giving them valuable time to act.
3. Distribute friction across the customer journey
When merchants remove friction at every step of the online customer journey, they’re more likely to earn sales and repeat business. Too much friction at any point can frustrate customers. Implementing fraud prevention across the customer journey can help businesses prevent negative experiences.
For example, when a customer signs in to their account, the merchant’s fraud solution analyzes the device and activity for signs of fraud. As the customer browses and shops, the solution monitors their actions. Do they add items too quickly? What types of items and quantities are they purchasing? It all goes into the analysis.
If the solution suspects fraud, it can challenge or block the transaction. The customer can complete the transaction without friction or a 3DS2 challenge if it doesn’t.
4. Implement 3DS2 to use exemptions
Prepare your fraud prevention strategy to use available exemptions. In the EU, even if transactions require SCA, merchants can take advantage of exemptions. These exemptions, called “transaction risk analysis” (TRA) exemptions, let merchants bypass SCA compliance requirements.
Merchants that implement a robust fraud screening can skip SCA and reduce friction. But TRA exemptions aren’t available to every merchant. In addition to the robust fraud screening requirement, merchants need to keep their fraud rates at specific thresholds. If they don’t, they lose the exemption.
How to use Kount to prepare for global 3DS2 protocols
Kount’s AI-driven fraud prevention platform meets the requirements for real-time risk analysis, so merchants may be able to take advantage of available TRA exemptions. Plus, Kount can complement existing 3DS2 solutions by determining when to use 3DS2 authentication.
With Kount, businesses can use 3DS2 only when they need it. The result is a lower fraud rate and fewer expenses. Kount’s suite of solutions can also protect the entire customer journey, from account creation and login to loyalty redemption, checkout, and payment.
Businesses that use Kount can also customize their protection and risk tolerance. As a result, they can control the customer experience and reduce fraud simultaneously. Kount automates decisions using advanced AI, two types of machine learning, and billions of identity data points from its global network to provide unmatched accuracy.
Kount can help any business prepare for 3DS2 regulations, reduce cart abandonment, stop fraud, and prepare for global growth.