Card-not-present (CNP) fraud in the US has grown a worrying 21% in the last six years, even outstripping the 19% growth in e-commerce for the same period. This should be sounding the alarm that financial institutions and merchants are not keeping pace with the rapidly evolving efforts from fraudsters.
In many regions around the world, issuers have employed 3-D Secure 2.0 (3DS2) as one of the more effective solutions to tackle CNP fraud. These efforts are bearing fruit and in the UK, where 3DS has been mandatory for many years, CNP fraud is significantly lower than regions where 3DS has low adoption.
While 3DS2 is a valuable and important tool in the fight against fraud on its own, there are enhancements available today that not only address the ever-advancing fraudster tactics, but also put optimal customer experience at the heart of the security efforts.
Issuers should be incorporating data-based risk assessment tools and modern authentication methods, such as biometrics and frictionless authentication, into their 3DS programmes. Together with 3DS2, advanced risk and authentication tools not only deliver more accurate fraud detection, which translates into less fraud and fewer false declines, but also ensure significantly less friction for a far superior customer experience.
So what’s holding US issuers back from this win-win strategy?
Unnecessary resistance still remains
Many US merchants still suffer from a tainted view of 3DS based on their experience of 3DS version 1, a clunky customer experience that often resulted in false declines and cart abandonment. What’s more, many use 3DS2 as a tool only for high-risk transactions, which prevents issuers from gathering well-rounded data that could inform their risk assessments to more effectively identify risk and dispense the appropriate challenge or frictionless experience.
Sending only high-risk transactions skews the data, and actually allows more fraud to get through on those transactions the merchant didn’t consider high risk causing them to skip the 3DS step. It results in unnecessary declines for transactions that might have been approved with the appropriate risk tools and authentication methods in play. With continual usage, merchants would begin to see more reliable results from authentication and less fraud.
If issuers added the right risk assessment tools, they could more effectively discern between transactions that should or shouldn’t be challenged or declined. Advanced authentication methods like biometrics and frictionless Browser ID are customer-friendly options to authenticate transactions with moderate risk. And for those at the edges of moderate and high risk, issuers can employ identity verification, a liveness face scan considered a higher level of security, increasing the likelihood of fraud detection and approval, if warranted.
Authentication so advanced, customers won’t even know it’s there
Getting started needn’t be complicated and should not be delayed.
Once US issuers have implemented a robust Access Control Server (ACS), combined with sophisticated authentication methods and advanced risk intelligence capabilities, FIs will be in a position to deliver personalised authentication. This will mean they can tailor the most appropriate, customer-selected experience for each of their cardholders improving the likelihood of the card remaining top-of-wallet.
Frictionless multi-factor authentication, using browser ID and behavioral analytics, is both reliably secure and entirely invisible to the customer. This means customer authentication can happen in real-time with many transactions requiring no additional action.
In addition, context aware authentication, which takes into account the customer’s history in other interactions with the financial institution, such as with online or in-app banking, will further reduce risk. If a challenge is warranted, the ACS can access their preferred authentication method for a familiar user experience. All of this optimises the user experience while adding layers of security running silently in the background.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataIssuers could help shift the merchant mindset
Issuers have the opportunity to help shift the merchant perception of 3DS2 and the role it plays. When issuers move away from unreliable clunky authentication methods like OTPs, and move toward more advanced authentication methods augmented by risk intelligence, they will help cardholders enjoy a more appropriate and tailored authentication experience with higher payment approvals, all of which means more conversions for the merchant.
Looking ahead, it’s vital that the financial ecosystem continues to work together to find ways to share fraud data across the aisles and remove friction from the transaction experience. The technology and risk intelligence are already there today and continue to get better and better. But issuers still hold the pivotal role in fighting fraud without compromising customer experience. A proactive issuer strategy benefits the entire ecosystem, keeping CNP fraud at bay, while ensuring seamless cardholder journeys and higher transaction success for merchants.
Cathryn Matarazzo is Director, Product Marketing at Entersekt