3DS 2.0 To Help Merchants Increase Online Revenues

May 17, 2017         By: Tim Sherwin

Digital commerce has come a long way in the past 15 years. We have moved from a time when nearly all digital transactions were conducted using desktop PCs and Internet browsers to one in which digital commerce is transacted over a myriad of devices and apps, even including digital assistants making purchases using IoT devices. With online transactions currently representing about 12% of the trillions of dollars in retail sales annually, the potential for growth of the global digital economy seems limitless.

Meeting the needs of consumers, merchants and the card issuers in this rapidly evolving world is critical to achieving that potential. One of the key factors that will help drive the growth of digital commerce is improvements in the payment and checkout experience. An important component of that experience is the authentication process.

Authentication is the means by which merchants and banks determine that a person attempting to make a digital transaction with a credit or debit card is in fact the holder of that card. Today, most credit/debit card issuers are relying on an updated version of the original authentication protocols that were developed in the early days of digital commerce. Called 3-D Secure or 3DS, this set of authentication protocols establishes the standards by which card-issuing banks and merchants communicate to verify that the person conducting the transaction is the cardholder.

Although the underlying, fundamental purpose of 3DS was sound — creating a real-time authentication process online —  its implementation resulted in a lot of friction around the checkout process, and so merchants have been hesitant to deploy it. In addition, the original protocol lacks provisions for mobile, in-app or IoT transactions and includes limited cardholder information.

But a new authentication protocol, aptly named 3DS 2.0, was recently finalized through EMVCo, the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV specifications and related testing processes. EMVCo is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa and supported by dozens of banks, merchants, processors, vendors and other industry stakeholders who participate as EMVCo Associates. The new 3DS 2.0 standard is a giant leap forward for digital commerce.

3DS 2.0 is designed to vastly improve cardholder authentication, and in so doing, improve the digital checkout and payment process. The old standard created a consumer authentication process where card issuers could interrupt the checkout flow, shifting consumers to the card issuer’s site to enter passwords or answer knowledge-based questions (mother’s maiden name, address, etc.). The new 2.0 protocol allows the merchant to retain control of the transaction even when the card issuer requests more information to approve a transaction. With 2.0, almost everything happens in the background, creating a smooth, friction-free and safer checkout process for the consumer. If the issuer would like to challenge, the merchant will have the choice and control to decide if they want to proceed with the challenge or bypass authentication.  Such challenges must be dynamic; for example, a one-time-password.  The result is expected to be fewer false positives, authentication-caused abandoned shopping carts, lost transactions and frustrated consumers.

As important as frictionless transactions are, 3DS 2.0 also provides a secure and effective authentication process for mobile devices and in-app purchases from smartphones, tablets, gaming devices, smart TVs and digital assistants. As with the browser-based transaction, this new 2.0 process helps make mobile transactions fast, easy, safe and friction-free for the consumer, merchant and card issuer. For merchants, implementation of 3DS 2.0 means the elimination of chargebacks. This is particularly important for sellers of high-value items where even a few chargebacks resulting from fraud could be financially devastating.

Finally, 3DS 2.0 will help eliminate a major problem that creates a drag on the growth of digital commerce — false positives. Each year, around $118 Billion in legitimate transactions are lost because they are declined by merchants or card issuers. These false positives frustrate consumers, and cost merchants and card issuers billions in lost revenue. 3-D Secure 2.0 uses a richer, more useful set of data to authenticate consumers in the background during the transaction process, with the information transfer occurring in milliseconds in a secure channel that speeds the approval process. As a result, legitimate cardholders will be approved quickly, while cyber criminals will fail the challenge or be declined immediately.

To make this a reality, merchants and card issuers need to adopt 3DS 2.0. For merchants, implementing 3DS today will prepare them for 2.0 as card issuers (banks) are onboarded with the new standard over the next few years. For card issuers, upgrading to the 2.0 standard will give them a competitive advantage with merchants and consumers over banks that have not done so.

Change comes slowly to any system as large as the card-not-present payment system, so we can expect to operate for many years in a mixed environment with both the old and new standards. But it is time for the transition process to begin. (We are already seeing some card issuers implementing pilots and proof-of-concept tests of the 2.0 protocol.) Not only will 3DS 2.0 enable a smoother, easier and more secure online authentication, payment and checkout experience for consumers, it will help merchants and card issuers increase revenues, while simultaneously improving customer satisfaction.

About the Author

Tim Sherwin is Co-Founder and Chief Executive Officer of CardinalCommerce. Under Tim’s leadership, Cardinal has become the leader in enabling authenticated payment transactions in the eCommerce, mCommerce and other remote commerce markets. CardinalCommerce is a wholly-owned subsidiary of Visa Inc. Tim has more than 20 issued and pending patents related to secure payment processing, mobile payments and tokenization. Tim is a frequent speaker at industry events. He is a member of EMVCO and consulted extensively with them during the development of the 3-D Secure 2.0 specifications.