As new fraud threats appear on the online marketplace horizon, major credit card companies are promoting what they deem to be a safer, more secure payment method for cardholders: 3-D Secure®. Standing for “three domains” — the retailer’s bank, the issuing (or cardholder’s) bank and the infrastructure supporting the practice — this global standard gives cardholders and merchants an extra layer of online purchase protection.
By requiring customers to enter an additional password before completing an online transaction, the intention of 3-D Secure is to confirm consumer identities, decrease the risk of fraudsters using cards for online purchases, and reduce the risk of chargebacks.
But is 3-D Secure the promising option it’s touted to be? Let’s break down and evaluate this industry standard to see if it makes sense for your business.
How Does 3-D Secure Work?
Most major card brands now offer cardholder authentication solutions using 3-D Secure technology, including Visa (Verified by Visa), MasterCard (MasterCard SecureCode) and Amex (American Express SafeKey®). This automated detection tool purports to verify the shopper’s identity and authenticate the transaction, which may help participating merchants identify potentially fraudulent transactions before they’re processed.
To complete the checkout process on a participating 3-D Secure site, customers must either provide a previously established password or set up a password through the issuing bank’s website. This automated process adds a missing layer of identity verification to the online checkout process and provides protection for businesses, cardholders and issuing banks against fraud.
4 Ways 3-D Secure Can Reduce Credit Card Fraud Risk
From a merchant’s perspective, the key benefit of this program is that it requires both consumers and card issuers to step up and contribute in the fight against fraud. 3-D Secure does this by:
- Helping to more accurately identify legitimate and fraudulent transactions by requiring the additional password
- Transferring the responsibility for authenticated purchases to the issuing bank — not your business — when a customer disputes a transaction
- Providing some chargeback protection
- Enhancing existing tools that prevent fraud, validate identities, and authenticate purchases
There’s additional benefit to all of this as well, beyond simply minimizing credit card fraud risk. For example, 3-D Secure may also:
- Improve your business’s operational efficiency by reducing the cost of fraud (e.g., a decreased need for dedicated chargeback resources, fewer lost sales, improved brand reputation, and fewer fraud-incurred fees and expenses)
- Increase customers’ confidence in making online purchases safely
- Encourage merchants to target market segments that are associated with increased risk (e.g., international markets) while potentially limiting chargeback risk
5 Ways 3-D Secure Doesn’t Mitigate Risk Exposure
No system provides comprehensive protection against credit card fraud risk; 3-D Secure is no exception. Even if you have the technology of 3-D Secure working for you, you (and your customers) must understand that:
- Cybercriminals may be able to easily reset customers’ 3-D Secure passwords.
- 3-D Secure doesn’t protect the cardholder from data breaches (a major concern among online shoppers).
- Not every issuing bank uses 3-D Secure, so only some issuers’ cards are covered.
- 3-D Secure is not compatible with all credit cards (e.g., anonymous prepaid cards that don’t require registration for use, cards with multiple users).
- Not all merchants use 3-D Secure. When consumers see it on your site, they might appreciate the added level of security – or they might become annoyed with the added steps required to checkout, which risks that they’ll opt to shop at merchants they feel make online shopping easier.
Businesses may also encounter other setbacks with 3-D Secure, including additional costs incurred (such as internal technical development costs) when integrating this program.
It’s worth exploring what we believe is the biggest obstacle standing in the way of 3-D Secure: Ease of use. Consumers flock to online shopping because it’s easy and convenient. 3-D Secure isn’t necessarily either of those. In fact, it adds several steps to the online purchasing process – which puts merchants at risk of irritating their consumers and possibly losing sales.
Consider the steps cardholders must go through with 3-D Secure to make even a simple purchase:
- The consumer must first navigate to their cardholder’s website and go through a lengthy 3-D Secure sign-up process to register their cards, including creating a unique password. The good news is that the consumer needs to do this only once. The bad news is that if the consumer forgets their password, they’ll have to repeat this process.
- Next, the consumer continues shopping on your site. Upon checkout, the consumer must complete a secondary 3-D Secure login procedure. This adds time and complexity to the checkout process.
- The consumer must remember the 3-D Secure password every time they shop on your site. If the consumer also shops on sites that don’t use 3-D Secure, there’s a greater chance that the consumer will forget their password and need to start all over with the 3-D Secure process.
Ultimately, the time-consuming process for logging in and resetting forgotten passwords may encourage customers to take their business to a merchant with a low-friction checkout process. And that’s a risk no merchant wants to take.
In fact, customers are publicly sharing their displeasure with 3-D Secure and increasingly abandoning their carts instead of completing transactions.
A March 2015 survey of 4,500 airline and travel online stores found that although 49% of respondents experienced a significant drop in chargebacks after implementing 3-D Secure, 61% reported an increase of more than 10% of their drop-off rates. That data is sure to give any merchant serious pause.
Evaluating 3-D Secure as an Effective Risk Protection Strategy
With card-not-present fraud expected to be nearly four times greater than point-of-sale card fraud by 2018, merchants must find ways to minimize the credit card fraud risk associated with online transactions.
3-D Secure was created by card issuers to ensure every customer checking out is the true and rightful cardholder. Although this verification may help to deter fraudsters, it also complicates the online checkout process.
Given the pros and cons, does 3-D Secure make sense for your online marketplace? As you make your decision, remember to:
- Weigh the risks. Don’t focus solely on conversion rates or revenue. Instead, consider your current chargeback rate, fees and personnel expenses, and the work involved with resolving chargebacks.
- Evaluate your profit margin. Fraud affects your bottom line the most when margins are slim. Do you sell high-ticket items? These may be more vulnerable to fraud.
- Examine your overall shopping experience. How easy is it for consumers to navigate your e-commerce site?
Increasing your customers’ confidence in you and the security (and simplicity) of your online marketplace can help you build your brand, grow your e-commerce sales and reduce your fraud exposure. You may want to consider 3-D Secure as a flexible part of your overall fraud management effort that can be used when risk factors warrant its use – but only if you’re confident in your overall online customer experience.
3-D Secure is not your only option when it comes to online fraud protection. To learn more about other ways to protect your business and your profits, talk with one of our fraud analysts. Email us at firstname.lastname@example.org to get started today.