Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / PSD2
3DS 2.1 or 2.2? When it comes to 3DS it can be hard to keep up. Our Global Payment Regulation & Authentication map uses the latest data to track the rapidly shifting market. Is your authentication strategy riding the waves of change or just getting swept along?
Share this article:
3D Secure (3DS) is the industry standard when it comes to authentication. But that doesn’t mean adoption has been smooth sailing for merchants. Lack of readiness saw an expensive surge in failed transactions and higher cart abandonment rates early on.
In 2023, we’re (hopefully!) now past the days of clunky authentication. 3DS1 is officially over and done with, and 3DS2 developments promise to change the game. And our Global Payment Regulation Map has plotted the course of this journey over the last three years.
We’re now on our fifth update. And this latest version outlines the impact of 3DS for online payments and the success rates that we are seeing. So how can your business use this map to navigate the choppy seas of the payment industry?
The primary data source for the map is the transactions that are sent to our servers by our clients globally. For this report we analyzed over 5 billion transactions over the course of 12 months. This was more than large enough for us to have confidence in the validity of the results.
Over the years we have evolved the data that we report on. This is to keep up with the seemingly constant state of flux in the payment industry. In previous editions of the map we included transactions from every market. But this year we have dropped this down to 11 key countries.
We have also sourced data from the newest version of our Online Merchant Perspectives Survey. The survey asks some authentication-focused questions. And we have included a snapshot of those responses in the wider report.
So how can you get the most out of the map? Let’s break down a sample of the report using the results from Germany to briefly explain our findings.
The original 3DS protocol was created over 20 years ago to protect online transactions. It did this by providing an additional layer of identity verification before authorization. But that was a very different time.
For one, mobile payments weren’t really a thing. So it wasn’t designed with them in mind. It also took users to a third-party site for authentication, which was not ideal. As we all know, too much friction is a nightmare for customer experience and conversion.
Then came the 3DS2 protocols. 3DS 2.1 offers a much more user-friendly experience. The mobile checkout experience is faster and seamless. And the authentication challenge is embedded in the purchase flow. 3DS 2.2 comes with the wonderful offering of frictionless payments and exemptions to SCA on transactions that meet the criteria.
If we look at the results above from the German market, you’ll notice a missing 20%. That would be those authentications that used 3DS1. The protocol was still available in the timeframe of the data we looked at.
These figures have been intentionally left out as we'll no longer be reporting on them. 3DS1 fully deprecated as of the end of last year. So there was little value in reporting on the share of traffic between 3DS1 and 3DS2 this time around.
In 2022 we saw the mass migration from 3DS1 to 3DS 2.1. And in the latter part of the year we started to see the slow adoption of 3DS 2.2. These fluctuations and changes in the industry are reflected in the data.
A significant change in the world of 3DS is the speed at which version are becoming available. And the speed at which old versions are made obsolete. So a one and done approach to 3DS for merchants and PSPs is not an option. You need to stay up on top of changes and compliance requirements to successfully transact without declines.
The latest protocol 3DS 2.3 goes even further than its predecessors. But its adoption is still far beyond the horizon. What 3DS2 version is your business sending transactions through?
The most important stats for many readers will be the success rate of transactions that went to 3DS initially. Authentication success rates are often a sign that customers are getting more comfortable with the process. But they can also point to fraudsters having found a way around 3DS. So it's important that you keep an eye on this.
These are strong success results for Germany. This is especially true considering that 3DS2 is a relatively new protocol for many merchants. If we compare them to historical 3DS 1.0 results – merchants were reporting a 70% success rate.
Here we also look at frictionless authentication. This is where no challenge takes place. The results for German merchants are good, but way below anyone’s definition of friction-free ecommerce. Nonetheless, the numbers are a positive reflection on the adoption and success of 3DS.
The map tracks the amount of traffic sent to 3DS as estimated by the respondents in that country. Disparities between global payment regulations make this a particularly interesting piece of information to track.
We’d expect these numbers to vary greatly as Strong Customer Authentication (SCA) isn’t mandated globally. As is the case in Europe where SCA is required as part of PSD2. So when we look at the results from Germany, the percentage of transactions is lower than we might expect. All transactions should be sent through some sort of authentication.
But there are various other reasons not to request a challenge that are coming to light with 3DS 2.2. These include numerous out of scope transactions and the increased use of exemptions. There is also a possibility that some survey respondents simply underestimated 3DS traffic volumes, which is interesting in itself.
Merchants globally should keep an eye on the impact of SCA in Europe – there are definitely many lessons to be learned.
Global attitudes to SCA differ significantly depending on where you are in the world and where you do business. Some regions are more comfortable with adding potential points of friction than others. Overall though, merchants seem somewhat unconvinced and worry about the impact on conversion.
So are German e-commerce professionals concerned about the impact? The answer is a qualified yes. This isn’t too surprising given the level of change and the predictions of doom at the advent of PSD2. That said the European creators of the directive would probably be very pleased to see a response like this two to three years into its implementation. So maybe things are looking up!
As we’ve already touched upon, exemptions are coming! OK, many are already here. Under 40% of German merchants are taking advantage of the developments that come with the latest 3DS protocols. But we foresee exemption management becoming increasingly relevant. Especially as merchants look to strike the right balance between conversion and compliance.
At Ravelin we see the role of a fraud vendor evolving beyond just working with merchants to prevent fraud. It will also include ensuring that the right authentication and exemptions strategy is pursued. Whether that be through Transaction Risk Analysis and/or the delivery of a 3DS solution for merchants.
Our Global Payment Regulation Map is a part of this. So assess global results to benchmark your business and inform your authentication strategy now.
Gerry Carr, CMO
Blog / Fraud Analytics
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?