The 3D Secure protocol is widely recognized for its benefits in providing additional security for online card-not-present transactions, thereby increasing shopper confidence and protecting merchants against financial liability. However, before implementing 3DS, merchants should consider several factors.
One major concern for merchants is the potential impact of 3DS on conversion rates. While some merchants may blame 3DS for a drop in conversions, the relationship between 3DS and conversion rates is complex and influenced by various factors.
For example, research has shown that the impact of 3DS on conversion rates varies by market. Implementing 3DS in countries like Russia, India, and the UK has been found to have a positive effect on conversion rates. However, in other countries such as Germany, France, and the US, enabling 3DS on all transactions can negatively impact conversion rates. When applied only to certain segments, 3DS can actually increase conversion rates.
Transaction size is another factor that can affect conversion rates. High-value transactions carry greater risk and may be more likely to be declined, which can result in a drop in conversion rates. The impact of 3DS on conversion rates for mobile transactions may also be influenced by the user interface, but the industry has developed solutions to improve the customer experience on mobile devices.
First-time users who land on the 3DS authentication page may perceive it as a security threat and abandon their purchase. However, this issue can be addressed by providing educational resources such as FAQs and explanatory wording during the checkout process.
Liability shifts
When implementing 3D Secure, merchants must understand the liability for fraudulent chargebacks and when the responsibility shifts to the card issuer. Generally, the point of a liability shift is the same across most transactions.
Visa and Mastercard have five main scenarios for transactions after 3DS verification:
- Authentication successful
- Authentication attempted
- Authentication failed
- Authentication unavailable
- Error
If authentication is successful and a fraudulent transaction occurs, the liability shifts to the card issuer. If authentication fails, the service provider is liable. The same applies when authentication is unavailable, and there is no liability shift. If authentication is attempted, the liability shifts to the card issuer. However, if an error occurs with authentication, the merchant remains liable.
The main difference between Visa and Mastercard is in 3DS enrollment. If a card is not enrolled in 3DS, Visa takes responsibility for any fraudulent chargebacks, while Mastercard holds the merchant liable.
These rules can be complex in determining liability, so merchants are advised to check with issuing banks for specific terms related to liability shifts.
Adaptability to the changing marketplace
As more and more people use mobile devices to browse and shop online, the marketplace is rapidly changing. However, the 3D Secure protocol, which was introduced through Verified By Visa in 2001, was not designed with mobile devices in mind. When the 3DS page loads on a mobile device, it can take longer than on a desktop site. Additionally, viewing the 3DS authentication page on a mobile device can cause design functionality issues, making it difficult for customers to enter characters into the required boxes.
The 3D Secure industry has recognized these challenges and has implemented solutions to improve the customer experience, such as reconfiguring customer-facing pages and implementing risk-based authentication. Despite these efforts, merchants should keep in mind that implementing 3DS may still cause compatibility issues with mobile devices. Nevertheless, 3D Secure is valuable in preventing fraud and shifting liability, making it an important consideration for online merchants.
Research on providers
When considering a 3DS vendor, it is crucial to conduct thorough research and due diligence. Merchants must be able to track transactional data, including the number of times customers was presented with the 3DS verification page and the percentage of orders protected, to gain valuable insights into customer behavior and provide fraud analysts and banks with important statistics on potential fraudulent activities.
Merchants should also ensure that the chosen vendor supports the current version of 3DS and the upcoming 2.0 version. Failure to support 3DS 2.0 may result in merchants repeating the entire process when the protocol is fully rolled out.
Additionally, easy integration with the merchant’s e-commerce platform is crucial to avoid lengthy and drawn-out processes leading to downtime and loss of customers and sales.
Each business has unique needs, and the qualities merchants look for in a vendor may vary. However, it is essential not to rush the process and skip due diligence, as this can result in costly mistakes.
Good implementation practice
Implementing 3D Secure involves several good practices that merchants should consider. The first is educating customers about the process to alleviate any uncertainty they may have about the authentication process. Merchants can achieve this by including an extensive FAQ section and using prominent wording in the checkout process to explain the benefits of the verification process. It’s also essential to inform customers that there will be no additional fees and to warn them not to use the “Refresh” or “Back” buttons during the process.
Secondly, merchants should consider dropping 3DS authentication for certain transactions where the cost of losing conversion rates outweighs the benefits. A rules-based approach can be used to determine when to bypass the verification process based on factors such as country, currency, and transaction value. However, this should be carefully considered, as the primary purpose of 3DS is to protect customer money.
Finally, when implementing 3DS, merchants can choose to open up the authentication on a new page or embed the frame into the checkout process. Best practice suggests using frames that are in line with the merchant’s branding and included in the page URL, rather than the issuer bank’s branding. Research conducted by Visa has shown that this approach has a positive impact on authentication rates.
Conclusion
There is no one-size-fits-all approach when it comes to implementing 3D Secure, as the process will vary depending on the specific industry that merchants are operating in. However, there are some general guidelines that can make the process less daunting.
Merchants should keep in mind that a strategy that works well today might not be suitable tomorrow, especially with the introduction of the 3DS 2.0 protocol. By opting for a customizable strategy that can be re-evaluated in the future and working with an experienced vendor, merchants can streamline their payment authentication solutions. This will not only help protect their customers from fraudulent transactions but also safeguard their own business interests.
