Digital Economy Blog – 3D secure authentication and fraud

14In 2020, global retail e-commerce sales grew more than 25 percent. This represents the goods purchased or online services of more than two billion people. In the same way, according to ACI Worldwide, the total number of Card-Not-Present (CNP) transactions has increased by 9 percent.

The CNP transactions introduced additional risks for payment processes. As the cardholder is not physically present, it becomes more challenging to authenticate their transactions. Because of that, merchants are losing money with CNP transactions. So, merchants need to implement stronger fraud prevention methods.

What is 3D Secure Authentication?

3D Secure Authentication (also known as 3DS Authentication) is a security and customer authentication protocol which aims to reduce the risk of fraud and illicit activities during CNP transactions. The “3D” in the 3DS name refers to the three domains bridged by the protocol. Each domain refers to one of the parties involved in the customer authentication process.

• Acquirer Domain: the merchant and their bank which will receive the payment
• Issuer Domain: the bank which issues the card to the customer
• Interoperability Domain: the underlying systems that implement 3DS

3DS is used widely in the European Union (EU) because it’s mandated by the Payment Services Directive 2 (PSD2) for online card transactions. 3DS is the implementation of Strong Card Authentication (SCA). The 3DS verification tools vary depending on the card scheme: Verified by Visa, Mastercard Identity Check, Discover ProtectBuy, American Express SafeKey, JCB J/Secure.

How does the 3D secure authentication method work?

The payment process with 3DS authentication looks like this:

• Step 1: cardholder enters the details of payment on the checkout page of a website
• Step 2: cardholder is redirected to its card issuer 3D secure web page
• Step 3: cardholder enters a password or a one-time authentication code. Sometimes there is no need to enter any authentication code or password.
• Step 4: cardholder details are verified by the card provider, and then payment is approved
• Step 5: cardholder is redirected to the main page of the payment

Benefits of the 3DS authentication method

There are numerous benefits of 3DS authentication methods. Below are a few reasons for using 3DS:

• Reducing the risk of fraud and chargebacks for merchants and issuers
• Increasing consumer confidence in online payments
• Reducing the risk of fraud for consumers
• Passing liability to the cardholder issuer bank

Disadvantages of the 3DS authentication method

Besides these benefits of the 3DS authentication method, we can note some disadvantages.

• Decreasing in conversion rates: cardholders can find extra authentication steps cumbersome or the entire process confusing.
• High cost: it’s regarding the implementation cost of the 3DS authentication method.
• Potential for technical issues: this point is related to the potential for technical issues
• There are also some complaints of false declines

Card Non-Present (CNP) fraud

Online payment is more vulnerable to third-party attacks because it’s happening with a lack of face-to-face interaction between the cardholder and the Point of Sales (POS) or merchant website. During the Covid-19 pandemic, e-commerce frauds have significantly increased. Both cardholders and merchants are exposed to CNP fraud. This type of online fraud requires the fraudster to obtain some card details: name of the cardholder, Primary Account Number (also known as PAN or card number), Card Verification Value (CVV), and card expiration date, billing address. There are many types of CNP transaction frauds we can list: Account Take Over Fraud, friendly fraud (Innocent Friendly Fraud, Opportunistic Friendly Fraud, Malicious Friendly Fraud), and loyalty card fraud (hackers, insiders, members).

Sources