3D Secure (3DS) is an additional layer of security for online credit and debit card payments - the most well-known examples being Verified by Visa, Mastercard SecureCode and American Express SafeKey. At the final stage of checkout it asks the buyer for a password so the bank can authorise the payment.
Ravelin found that across millions of transactions between February and March:
- 3DS authentication took an average of 37 seconds
- 91% of payments cause friction taking over 5 seconds to authenticate
- Acceptance rates of the top 20 global banks by volume range from 68-92%
- 3DS with improved user experience still lost 19% of payments
For all its good intentions, 3DS is notorious for bad user experience and the clunky interface can even make customers feel less secure paying online. The frustration of an extra password carries dangerous risks of customer drop off and lost revenue for online sellers.
The new technology promises to be much better. 3DS 2 is launching on April 19th, ahead of the Second Payment Services Directive (PSD2) coming into force in September. PSD2 requires nearly all payments in Europe to have two-factor authentication and makes online payment providers legally responsible for keeping fraud rates low across all their online sellers. To manage fraud and maintain acceptance rates, qualifying payment providers can conduct real-time risk analysis on all payments - read more about this here.
This risk analysis will be crucial. 3DS 2 enables payment providers to send much more data to the customer’s bank, like device and order history. The bank can use this data to recognise the customer instead of asking for a password every time. This version will also give customers more flexible ways to authenticate, such as by thumbprint, app-based authentication or a one-time password.
However, 3DS 2 won’t be a silver bullet for online merchants and payment providers. Ravelin found that even forward-thinking banks who have already implemented one-time password and app-based verification still lost 19% of transactions through 3DS.
Ravelin Head of Product, Mark Barlow says “It’s clear that improved 3DS 2 user experience alone is not enough to maximise acceptance. The huge differences between banks highlights that merchants will need to get smart about how they manage low-risk exemptions to the [two-factor] Strong Customer Authentication requirements.”
Ravelin Accept combines machine learning powered risk analysis with issuer intelligence and 3D Secure authentication as a complete toolkit to comply with the upcoming revised Payment Services Directive (PSD2). This empowers merchants and payment providers to maximise payment acceptance while keeping fraud rates low. To find out more, visit the Ravelin Accept page or get in touch with us today.
