By Jennifer Singh
Consumers today are spoiled for choice – which clothes to wear, gadgets to buy and payment networks to use to acquire these goods. The competition is tight for merchants and issuing banks, who must do everything they can to deliver an unforgettable experience and ensure repeat business isn’t threatened. This includes having a security strategy in place to protect the consumers, issuer, and merchant before, during and after a fraudulent card-not-present (CNP) attack.
3-D Secure emerged as a solution to enable authentication through payment networks, such as Visa, Mastercard or American Express when making CNP purchases. What used to be a massive point of friction in the e-commerce experience ultimately failing businesses and consumers, has come a long way since version 1.0. Its comeback focuses on a new approach to authentication, including a wider range of data capabilities, biometric technology, and improved user experience.
The major difference is the addition of a risk-based authentication (RBA) engine. Through effective risk-based data modeling, the protocol removes the consumer from the equation and subsequently sets the stage for a vastly improved experience. The only caveat aside from user experience is that RBA brings its own set of complexities which should not be overlooked.
The Trials and Tribulations of a Data Overload
As with any model, the more data that can be collected, the better. In 3-D Secure’s case, merchants can share much more data than before, which ultimately allows issuers to improve their authentication models over time. The benefit is that when CNP transactions are evaluated with better accuracy, there is less friction in the purchasing process for the consumer as more transactions are authorized out of sight.
Getting to the point where improved customer experience is delivered can be the challenge in itself. To start, there are four different types of data that can be shared: transaction and consumer data, authentication data, merchant data, and device data. Moreover, not all data points are required or conditional, meaning merchants can choose what, if anything, they want to pass on to the issuer. Risk models are developed based on the expectation of access to specific types of information. When that information is not shared or is incomplete, the model is rendered useless.
The Merchant’s Role in Preventing Skewed Results
There is a disconnect between merchants and issuers that also must to be addressed in order to improve outcomes across the entire ecosystem. The fees of sending e-commerce transactions through 3-D Secure are more expensive, meaning there is little or no incentive to do so outside of those transactions that are already viewed as suspicious or high risk.
In this instance, the model is being fed skewed data, which limits its capabilities in preventing instances of fraudulent transactions. Issuers, therefore, need to put a bigger emphasis on helping merchants envision the long term value of this added cost. In a perfect world where merchants send all their transactions through 3-D Secure, there would be a reduction in system-wide fraud, false positives, checkout times and cart abandonment – all cost-effective benefits that lead to higher profits and brand loyalty for merchants and banks.
We still have a long way to go until merchants are entirely on board, but in the meantime, issuers need to tune their authentication models correctly. There are ways to navigate the unknowns regarding data collection, one being to create different models for various types of vendors and using them interchangeably. If an issuer is willing to deploy sophisticated machine learning algorithms, another option is to create a flexible model that can adapt given the type of data it ends up receiving. Whatever issuers decide, they definitely have their work cut out for them, but the benefits of 3-D Secure are too valuable to pass up in the face of a constantly evolving battle against fraud.
About the Author
Jennifer Singh, Director, Channel Partnerships – North America Entersekt.As an innovator and community builder, Jen has grown technology businesses from ideation to scale. Jen currently leads channel partnerships for Entersekt’s North American business, driving adoption of the company’s digital banking and payment solutions. Prior to Entersekt, Jen founded the digital identity solutions group at Thomson Reuters, an incubated business venture focused on the development of new identity verification and authentication services. She is a key evangelist, author and featured a speaker on topics such as digital innovation, cybersecurity, fraud prevention, and disruptive technologies. Jen supports her local community by leading the House of Genius Atlanta, hosting the Rebel Women breakfast series and sitting on the Founding Partner Board for The Lola.