How do merchants manage the increasing convergence of fraud & payments?

Fraud and payments are increasingly intertwined thanks to global payment regulations such as PSD2 in Europe. Our Online Merchant Perspectives Survey revealed that around 70% of fraud teams also manage payments within their business. This makes sense, as it’s key to understand whether fraudsters favour specific methods and how they adapt techniques for different payment options.

Despite this, less than 70% of merchants are tracking fraud by payment method. Knowing more about which methods fraudsters favor would boost merchants’ fraud detection ability and enable more sophisticated ways to catch fraudsters out while minimizing friction for genuine customers.

Merchants tracking fraud by payment data

How do fraud teams track payment data?

We asked merchants about the top three payment methods they saw the most fraud in. Debit cards were top choice for almost 70% of merchants, with non-American Express credit cards and PayPal also top for over half of merchants. American Express credit cards were only in the top three for 38%.

ApplePay and GooglePay are a top fraud method for around a quarter of merchants, even though these methods are often portrayed as low-fraud due to the inherent biometric authentication on most phones.

But we can see this is not always a guarantee of security, and there is still a risk of fraud. While the phone is biometrically locked to a single user, that user can still add any credit card details they choose. Ravelin conducted a series of independent checks of adding new cards to ApplePay and GooglePay wallets, and found that only some banks will verify new cards individually.

Highest fraud on payment methods

Merchants also reported that chargeback challenges on alternative payments like Klarna, ApplePay and GooglePay are least likely to be successful.

GooglePay in particular is seen as the most difficult payment method to win disputes, despite GooglePay stating that chargebacks are dealt with in the same way as credit/debit cards. This may be partly due to the inherent biometric authentication methods used by GooglePay/ApplePay.

Merchant dispute success by payment method

It’s clear that overall, merchants could be monitoring more payment data and using this to learn more about fraud, and improve their detection and prevention. But how does 3D Secure impact all this? Will wider use of authentication (and the all important liability shift) mean that payment data is no longer as important?

Merchants are sending more transactions to authentication

We know that authentication, specifically 3D Secure is increasingly widely adopted, due to advances in technology and increasing global payment regulations. Europe’s PSD2 had been gaining momentum for a number of years, and in Australia AusPayNet released the CNP Fraud Mitigation Framework on 1st July 2019, requiring Strong Customer Authentication on payments when a merchant’s fraud rate is above the limit for two quarters.

Percentage of transactions sent to 3D Secure (2020)

There are some interesting regional variations on the amount of 3D Secure transactions. For example, although there are no national regulations requiring authentication in the US at the time of writing, 8% of US merchants are applying 3D Secure on all their transactions - a larger proportion than in any other country and well above the average.

In Brazil, 3D Secure is mandated for debit card payments, which explains the high percentage being authenticated there. Interestingly, the start of the pandemic overlapped with a reduction in the ratio of fraud to online transactions in Brazil. Mercado & Consumo reported that online sales grew faster than online fraud attempts between January and May 2020, with attempted fraud accounting for 1.5% of transactions, compared to 3.47% in 2019.

It’s understandable that the majority of merchants in all regions increased 3D Secure transactions in 2020. This has likely increased even further in 2021 - RSA reported a 73% rise in 3D Secure transactions globally, with a 26-fold increase in the Americas alone.

Change in number of 3D Secure transactions in the past 12 months

How will widespread authentication impact fraud tools?

We asked participants whether they think that wider use of 3D Secure could reduce the need for fraud tools in the future. Senior-level fraud professionals are likely to agree, however, they are also likely to predict an increase in fraud budgets and team size in the next year, which could indicate that any planned reduction in fraud tools will be in the long-term.

Will wider use of 3D Secure reduce the need for fraud tools?

Why 3D Secure is not a silver bullet

Although increased authentication is likely to reduce fraud, it’s not a perfect, all-in-one solution. Due to poor performance and issues around implementing 3D Secure 2, we strongly recommend merchants do not rely on 3D Secure to manage fraud alone. We are still seeing a significantly high fail rate on 3D Secure in some markets, however it looks like this is improving - stay tuned for an update to our 3D Secure performance tracking on our interactive map.

Regardless of any benefits, 3D Secure still carries financial and increased risk of customer drop-out. Leading merchants will optimize transaction data from fraud tools and advanced authentication techniques to enable frictionless authentication whenever possible. It’s also important to monitor issuer behavior and avoid adding friction whenever possible to maximize acceptance rates. To learn more about how we do this, please get in touch!