There’s an arms race in the digital payments industry, with security experts constantly trying to stay one step ahead of increasingly bold cybercriminals.
This trend is especially pronounced in the e-commerce world, given the anonymity that online shoppers enjoy. That last sale could have originated from a legitimate cardholder, or it could have come from a hacker on the other side of the world.
A host of fraud prevention measures exist to help mitigate these risks — from tokenization to hosted payment pages to fraud management filters. As powerful as these security steps are at reducing fraud, they can’t help “authenticate” anonymous transactions.
Thus, the impetus for the introduction of 3-D Secure.
What Is 3-D Secure — and How Does It Work?
3-D Secure is essentially a type of two-factor authorization that allows merchants, banks and credit card processors to verify the identity of cardholders (especially online).
This security measure goes by different names — including Mastercard SecureCode, Verified by Visa and American Express SafeKey — but the basic concept is the same:
- When shopping online, a customer enters the usual payment data (e.g., credit card numbers, CVV code, billing address, and expiration date).
- If your store is configured for 3-D Secure, the transaction doesn’t immediately process. Instead, your payment processor checks with the issuing bank to see if the user’s card is enrolled in the 3-D Secure program.
- If so, that customer must enter an additional password or one-time PIN that his/her card-issuing bank verifies.
- Once the payment has been authenticated, the transaction goes through and the sale is complete.
This multistep process helps to make online transactions more secure for all parties. As a merchant, 3-D Secure also helps to reduce chargeback fraud since customers must double verify each transaction.
Although a strong effort in the fight against cyber fraud, this two-factor authentication adds friction to the process, forcing users to jump through multiple hurdles to complete a sale. To participate in 3-D Secure, customers must deliberately opt into the program, which could be an obstacle, as well.
3-D Secure version 2.0 was designed to fix this.
How Does 3-D Secure 2.0 Work?
The goal of 3-D Secure 2.0 is to make authentication as seamless and hands-off as possible. The first step involves making program enrollment automatic. Customers no longer have to register for protection. The security feature is hard-baked into the card.
The next step involves leveraging real-time information sharing to develop a risk assessment of every transaction. During the checkout stage of an online purchase, your e-commerce store sends the banks and payment processor information regarding the location, device, payment history, and shopping behavior of the user.
If the purchase looks legitimate, the sale goes through. If it looks suspicious, the user will be prompted for a password or PIN (as with previous versions of 3-D Secure).
All of this happens instantaneously behind the scenes, with virtually zero disruption for the user. The improvement’s potential impact for merchants is huge. Given how short online attention spans are in today’s digitally connected world, every millisecond counts.
To wit, Visa estimates that with version 2.0 of 3-D Secure:
- Checkout times will decrease by 85%.
- Cart abandonment rates will go down by 75%.
With the benefit of enhanced security, 3-D Secure 2.0 can help customers shop online with much greater confidence.