3D-Secure has gained a reputation as a conversion 'killer', yet merchants are increasingly looking for ways to implement 3DS dynamically so that they can balance the risk of liability shift and conversion.
3-D Secure (3DS) is a controversial security protocol designed to authenticate online ‘card-not-present’ transactions. While it allows merchants to reduce fraud and shift chargeback liability to the issuing bank, many have called it a conversion ‘killer’ since 3DS represents an additional, highly taxing (and often unexpected) step in the transaction process. Even customers used to it will likely not remember their password and many will have to reset it to complete a purchase.
Adoption and customer awareness of 3DS are highly patchy across markets. While 3DS is mandated to some extent in certain parts of the world including India, Italy and Japan, it is basically unheard of in the US where it first originated (although this is expected to change as US retailers begin their transition to EMV, shifting more fraud attempts to online channels). Authentication methods also vary between regions and issuers: 3DS generally requires cardholders to enter a static password for authenticating an online card payment but some issuers require dynamic passwords or even physical card readers. While it is becoming more reliable on desktop browsers, 3DS is still unreliable across mobile devices, especially for in-app purchases, and Ravelin therefore recommends that its clients turn off 3DS entirely on mobile devices.
With these risks in mind, an increasing number of merchants have looked to a dynamic implementation of 3DS as a way of finding a more acceptable balance between fraud risk and conversion.
The most basic approach to dynamic 3DS involves using a rules engine (either provided by your PSP or built in-house) to enforce 3DS for high-risk transactions and skip it for transactions deemed to have a low risk of chargeback.
The most appropriate rule base will be unique to your business, but will likely include parameters such as the transaction value, transaction currency, billing and shipping country, match between billing and address data and card velocity - see the Ravelin Fraud Academy for more information.
Although rules can be a good way to assess the impact of 3DS on your conversion before implementing more advanced tools, your decisions with dynamic 3DS will only be as good as the estimates of risk they are based on.
Rules alone are both easy for today’s sophisticated fraudsters to figure out (resulting in false negatives) and carry a high risk of catching legitimate customers (resulting in false positives). A growing business that relies on card-not-present transactions will therefore need a smarter scoring method that gives you the full confidence to switch off 3DS for the majority of your transactions.
3DS is most effective when automated for certain risk profiles, using a fraud-scoring system that can route users with a specified risk score through 3DS using an automated API callback. Advanced fraud scoring engines (such as Ravelin) directly integrate with a client’s websites and applications to get a real-time feed of customer data.
From this they monitor user behaviour looking for patterns of known fraud, and provide the client with a probabilistic score of the likelihood of that customer being fraudulent.
Ravelin uses a combination of machine learning algorithms, graph network analysis and business rules to provide a highly accurate score for each user, expressed as a percentage probability of that customer committing fraud.
The decision to accept, reject, or review a customer is then determined by your own risk thresholds to find the most effective balance between fraud risk and conversion for your business.
This decision to refer a user to 3DS is handled through an API callback and can be invoked in milliseconds. This means only riskier clients are referred to an additional step and it is done with minimal interruption to the buying process. The conversion risk is therefore confined only to a small subset of customers and transactions.
For more tips, see the Ravelin Fraud Academy chapter on balancing conversion and fraud risk with 3-D Secure, or get in touch with one of our fraud experts today.
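The routing described above, as an added example (not Ravelin's code or API): a rules-only check over the parameters the article lists, which a fraud score overrides when one is available. All thresholds, field names and the choice to send risky mobile payments to manual review are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# All thresholds and field names below are illustrative assumptions.
HOME_CURRENCY = "GBP"
MAX_UNCHALLENGED_AMOUNT = 200.0   # compared only within HOME_CURRENCY
MAX_CARD_TXNS_PER_HOUR = 3
CHALLENGE_SCORE = 0.30            # score >= this -> step up with 3DS
REJECT_SCORE = 0.90               # score >= this -> reject outright

@dataclass
class Txn:
    amount: float
    currency: str
    billing_country: str
    shipping_country: str
    address_match: bool           # billing details match address data
    card_txns_last_hour: int      # card velocity
    channel: str                  # "desktop" or "mobile"

def rule_hits(t: Txn) -> list[str]:
    """Static rules over the parameters the article lists."""
    checks = {
        "high_value": t.amount > MAX_UNCHALLENGED_AMOUNT,
        "foreign_currency": t.currency != HOME_CURRENCY,
        "country_mismatch": t.billing_country != t.shipping_country,
        "address_mismatch": not t.address_match,
        "card_velocity": t.card_txns_last_hour > MAX_CARD_TXNS_PER_HOUR,
    }
    return [name for name, hit in checks.items() if hit]

def decide(t: Txn, fraud_score: Optional[float] = None) -> str:
    """Return ALLOW, CHALLENGE_3DS, REVIEW or REJECT."""
    if fraud_score is None:
        risky = bool(rule_hits(t))          # rules-only mode
    elif fraud_score >= REJECT_SCORE:
        return "REJECT"
    else:
        risky = fraud_score >= CHALLENGE_SCORE
    if not risky:
        return "ALLOW"
    # 3DS is switched off on mobile, so risky mobile payments are
    # queued for manual review (an assumption) instead of challenged.
    return "REVIEW" if t.channel == "mobile" else "CHALLENGE_3DS"
```

Logging the output of `rule_hits` next to each decision makes it possible to measure which rules challenge customers the score considers low risk.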
To learn more about PSD2 and SCA visit our insights page.
Gerry Carr, CMO