According to Visa, the enhanced 3DS protocol (3D Secure 2.0) will reduce checkout times by 85% and card abandonment by 70%.
A big part of the development of 3D Secure 2.0 has been driven by mobile adoption. It’s rapidly becoming the largest online shopping and payments medium.
Unfortunately, it’s also becoming the largest target area for fraudsters.
The value of payments done through mobile devices will reach US$1 trillion in 2019 with mobile wallets expected to become more popular than debit and credit cards by 2020.
However, security is a big concern. In a press release about the new protocol, senior vice president at Visa, Mike Lemberger, said “Authentication technology has come a long way since the days of magnetic stripes and signatures. As the way we make payments has changed, so too has the need for innovation to keep transactions secure. The vast majority of Europeans have used a mobile device to make payments, but fraud and security concerns remain the number one deterrent”
70% of American users say security is their biggest worry when making mobile payments while almost 50% of cybersecurity professionals are sceptical about the safety of mobile payments.
A mobile-first strategy from the EMVCo developers therefore makes perfect sense and it’s easy to see why 3D Secure for mobile is a big deal.
The 3D Secure protocol is one of the biggest growth factors behind eCommerce adoption. When online shopping became popular, 3DS instilled confidence in online shoppers, giving them an additional layer of security for their online payments.
It also offered merchants a shift in liability to the card issuer and the cost per transaction were significantly reduced.
The only drawback is that when the original protocol was released, it did not cover mobile payments.
The first iPhone was released in 2007, coming 6 years after Visa introduced 3DS through Verified By Visa in 2001.
This means there were issues with page loading speeds when 3DS were run on mobile devices and some users were unable to view the 3DS authentication page on their device.
Although the 3D Secure industry has acknowledged these compatibility issues by implementing solutions like improving customer-facing pages and applying risk-based authentication, it doesn’t take away from the fact that the original code was not designed for mobile payments.
When the mobile became a device to browse and utilise the internet, it revolutionised most industries as we know it.
Many developers jumped at the opportunity to make their product or service compatible with mobile devices.
There are currently around 2.1 million apps on Apple’s App Store and Google Play has 3.4 million apps for Android.
If we look at something simple like photography, good quality cameras were once the toys of professional photographers only. However, it’s now estimated that around one trillion photos are taken by mobile devices every year.
So with mobile taking over every aspect of our lives, and payments especially becoming more prevalent on mobile devices, 3D Secure 2.0 has the potential to make a significant impact, especially with in-app purchases and digital wallet integration.
The original protocol did not facilitate this and was designed for cardholder authentication in online sales through web browsers only.
Since the release of 3D secure 16 years ago, there’s been no mobile-friendly issuer authentication put in place.
3D Secure 2.0 not only addresses this problem but will also improve the user experience as a whole.
Issuer approved authentication has always existed, but with improvements on the original protocol, like enhanced risk-based authentication and removing static passwords, 3D Secure 2.0 will provide merchants and issuers with added security in their fight against fraudulent transactions.
This is especially true when it comes to the extra support and focus on mobile payments.
A big development towards the mobile-friendly 3D Secure 2.0 is the SDK (Software Development Kit) which provides for most of the 3-D Secure functionality, including user authentication and collection of device data.
This will help merchants to easily integrate the new protocol with their already existing mobile applications. Specialist 3D Secure vendor SDK’s will be able to assist merchants to implement the authentication protocol for their apps on multiple platforms, like Android and iOS.
One of the most important aspects of 3D Secure is the amount of transactional data it can provide to merchants regarding the purchases that are made through their platforms. This data is very valuable for transactional analysis and can be used to see how many authentication challenges were requested and where the biggest risks lie on the ones that were declined.
The SDK will allow for the exchange of more rich data between issuers and merchants. The original protocol only contained a handful of relevant fields that were gathered during the authentication process.
The information is very limited from an analytics point of view and didn’t give issuers much insight. For merchants it’s even worse as transactional data are captured through the user’s browser and didn’t go through the merchant’s platform.
With 3DS 2.0 the focus is on transparency that will allow merchants to share the data they capture with issuers, and vice versa.
Why is this information sharing important? It will greatly improve the risk-based authentication process, allowing for an immediate decision on whether to allow or challenge a transaction. Both parties can share valuable insights with each other on transactional patterns which will further help merchants and issuers to identify and reduce risks more effectively. The aim is to reduce the actual authentication challenges to 10% of transactions through a risk-based method.
The SDK will also provide for native authentication screens which will help the 3D Secure interface to integrate seamlessly with the merchant’s mobile app.
With the current version of the protocol, users are often navigated away from the purchase page when being challenged for authentication. However, that raises a red flag with shoppers and can cause them to abandon the purchase.
By using native authentication screens, merchants can ensure that the authentication process looks and feels consistent with the rest of the in-app purchase process. If shoppers are challenged with a biometric authentication whilst still in the merchant’s app it will likely just feel like a valid security measure, making them less likely to drop the purchase.
There are numerous benefits to the new 3DS 2.0 protocol, especially from a mobile payments standpoint. The improved design dramatically increases the user experience on mobile devices by being fully compatible with mobile wallet applications and in-app transactions.
It moves users closer to a frictionless payments experience while allowing merchants to keep shoppers safe under additional payment channels.