We show you how to set up dynamic 3DS that manages fraud risk with a minimal effect on cart abandonment and user experience.
3-D Secure (3DS) offers an additional layer of security to reduce fraud in online ‘card-not-present’ transactions, where the cardholder cannot offer a signature or Chip & Pin verification. The ‘3D’ term refers to the fact that all three domains of card payments are involved in the scheme: the merchant’s acquiring bank, the cardholder’s issuing bank and the card network (e.g. Visa or MasterCard).
The first 3DS scheme (Verified by Visa) was set up by Visa US in 2001, soon followed by respective security protocols from MasterCard (SecureCode) and American Express (SafeKey). Visa and MasterCard’s 3DS schemes are deployed in over 100 countries and widely used in Europe and Asia-Pacific countries, where they are sometimes mandated. For example, 3DS is required in the online gaming industry in Japan, for e-Commerce purchases in Italy, all Maestro debit cards across Europe and all e-Commerce transactions in India. Although 3DS has its origins in the United States, adoption by US merchants is still in its infancy. This, however, is expected to change as US retailers begin their transition to EMV (chip & pin), shifting more fraud attempts to online channels.
3DS generally requires cardholders to enter a static password for authenticating an online card payment, although authentication methods vary between regions and card issuers and some require dynamic passwords or physical card readers. This offers an additional layer of security and evidence of identification.
For merchants, 3DS offers value by reducing chargebacks, and more importantly, shifting chargeback liability to the acquiring bank. Without 3DS, merchants risk losing the full payment, any goods delivered and a chargeback fee if a customer later claims that they did not make the purchase. However, should a card payment through 3DS prove fraudulent, the security protocol is considered to have failed the merchant and card issuers will generally issue a refund.
This liability shift comes at a cost: on top of the fees card issuers charge for additional authentication (and for picking up the bill when a chargeback comes through), 3DS represents an additional and highly taxing step in the checkout process that can lead to an increased number of shoppers abandoning potential purchases. Just try a quick search on Twitter for terms like ‘3D Secure’ and ‘Verified by Visa’ to get an idea of the frustration caused by usability issues and lack of customer education with 3DS.
Online retailers can reduce cart abandonment to some extent by advising customers that they will be asked to verify their card after checkout, with additional information for customers unaware of 3DS. Integrating 3DS into the checkout process instead of redirecting the customer to an unbranded (and unexpected) verification page can also reduce concerns over authenticity. However, these options are limited for mobile payments.
Some of the key factors that determine how 3DS will affect your conversion rate include:
For more factors to consider when choosing to implement 3DS, see the chapter on choosing the right fraud prevention strategy for your business.
While merchants have traditionally held a binary view of 3DS, either adopting it across all transactions or not at all, a dynamic implementation where you enforce or skip 3DS on a case-by-case basis is usually the best way to find a balance between managing fraud risk and optimising conversion.
The most basic approach to dynamic 3DS is based on rules. Some merchants opt for a rules engine provided by their payment service provider (PSP), and others choose to build their own (see our guide to choosing a fraud solution for more about the merits of using your PSP for fraud protection). The most appropriate rule base will be unique to your business, but will likely include parameters such as the transaction value, transaction currency, billing and shipping country, match between billing and address data and card velocity (how many attempted payments are made in a day with a card). Many merchants also decide to only enforce 3DS on the first purchase made by a new customer and disable it on future purchases once they are confirmed as genuine.
The rules-based approach can be a good way to assess the impact of 3DS on your conversion before implementing more advanced tools. Although better than nothing, it is a simplistic way to reduce fraud risk that carries a high risk of turning away legitimate customers. Rules are also easy to figure out and this method is no match for today’s sophisticated fraudsters. A growing business that relies on card-not-present transactions will require a smarter scoring method.
The most effective use of 3DS is to automate 3DS for certain risk profiles, using a fraud-scoring system that can route certain users with a specified risk score through 3DS using an automated API callback.
Technically leading fraud scoring engines (such as Ravelin) integrate directly with a client’s websites and applications to get a real-time feed of customer data. From this they monitor user behaviour, looking for patterns of known fraud, and provide the client with a probabilistic score of the likelihood of that customer being fraudulent. Ravelin has built machine learning models to provide these scores and a dashboard to explain, on a per-user basis, how these scores were created.
The decision to accept, reject, or review a customer is determined by the client’s own risk thresholds. Using fraud scores, you can automate dynamic 3DS to block high-risk transactions (e.g. above 50% fraud probability), while sending medium-risk transactions (e.g. 10-50% fraud probability) through 3DS and removing unnecessary friction for low-risk customers. This decision to refer a user to 3DS is handled through an API callback and can be invoked in microseconds. This means only riskier customers are referred to an additional step, and it is done with minimal interruption to the buying process. The conversion risk is therefore confined to a small subset of customers and transactions.
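The routing described above, sketched in Python as an added example (not Ravelin's code or API): the score thresholds are the article's example figures, and the rule base from the rules-based section is the fallback when no usable score arrives. The `Payment` fields, the rule limits and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"        # no extra friction
    CHALLENGE = "3ds"      # route the payment through 3DS
    BLOCK = "block"

# Example thresholds from the article; tune them to your own risk appetite.
CHALLENGE_AT, BLOCK_AT = 0.10, 0.50

@dataclass
class Payment:
    amount: float
    billing_country: str
    shipping_country: str
    card_attempts_today: int   # card velocity
    first_purchase: bool

def rules_decision(p: Payment, max_amount=200.0, max_velocity=3) -> Action:
    """Rule base used when no score is available (limits are assumptions)."""
    if p.card_attempts_today > max_velocity:
        return Action.BLOCK
    risky = (p.first_purchase or p.amount > max_amount
             or p.billing_country != p.shipping_country)
    return Action.CHALLENGE if risky else Action.ALLOW

def decide(p: Payment, score) -> Action:
    """Score-driven routing; falls back to rules if the score is unusable."""
    if not isinstance(score, (int, float)) or not 0.0 <= score <= 1.0:
        return rules_decision(p)   # timeout, error, NaN or malformed payload
    if score > BLOCK_AT:
        return Action.BLOCK
    return Action.CHALLENGE if score >= CHALLENGE_AT else Action.ALLOW

def friction_rate(batch) -> float:
    """Share of non-blocked payments that are sent through 3DS."""
    kept = [a for a in (decide(p, s) for p, s in batch) if a is not Action.BLOCK]
    return sum(a is Action.CHALLENGE for a in kept) / len(kept) if kept else 0.0

# Constructed sample: (payment, score from a hypothetical scoring service).
SAMPLE = [
    (Payment(25.0, "GB", "GB", 1, False), 0.02),
    (Payment(480.0, "GB", "FR", 1, True), 0.31),
    (Payment(60.0, "GB", "GB", 6, False), 0.87),
    (Payment(35.0, "GB", "GB", 1, False), None),   # scoring call failed
    (Payment(35.0, "GB", "GB", 1, True), None),    # failed, first purchase
]

print([decide(p, s).value for p, s in SAMPLE], friction_rate(SAMPLE))
```

Tracking `friction_rate` alongside chargeback rate shows whether a threshold change is buying fraud reduction or only adding abandoned carts.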
To learn more about PSD2 and SCA visit our insights page.
Alara Basul Head Of Content