You are here

3-D Secure 2.0: Worthy of All the Buzz?

A couple weeks ago at Money 20/20, my co-presenter (Brian Byrne from EMVCo) demoed the new-and-improved version of 3-D Secure (3DS) to a packed house of payment industry professionals. There’s been a renewed industry interest in 3DS leading up to this launch—I’ve received more inquiries from clients about 3DS in the past six months than I have in my entire six years at Aite Group. So the big question is, will we see a big incremental adoption of 3DS 2.0?

For those who aren’t familiar with it, 3DS is a protocol designed to bring additional security to card-not-present (CNP) transactions (for more detail on 3DS, see Aite Group’s report Not Your Father’s 3-D Secure: Addressing the Rising Tide of CNP Fraud). In its initial incarnation, 3DS was viewed by many merchants as a sales-prevention tool rather than a fraud-prevention solution due to its clunky user experience; however, the payment networks and enabling vendors have made substantial changes to the process over the past few years, and the current solution is much improved. There is a juicy carrot for merchants who choose to invoke 3DS for their CNP transactions: Any fraud that occurs becomes the issuer’s responsibility.

The new version of 3DS promises to bring further improvements, including the following:

  • An improved transaction flow for the consumer, removing unnecessary latency
  • Elimination of the network-level static password, which causes friction for consumers who forget it and is increasingly ineffective, given the large number of passwords compromised in data breaches, combined with the fact that the majority of consumers use the same password across all of their online relationships
  • Creation of a mobile-friendly 3DS solution, in recognition of the rapidly growing percentage of transactions that are initiating from the mobile app
  • Enables merchants to opt out of 3DS at any point during the transactions
  • An enriched data flow between the merchant and issuer, which provides more customer and device data that can be used to model the transaction risk

The enriched data flow is actually a really big deal. Not only can this help with better fraud prevention, but it can also provide issuers with a better ability to approve good transactions. Between 15% and 20% of CNP transactions are not approved by the issuer, many of which should be. As I talk to merchants, this false decline problem is generally more concerning than fraud. 

The big question is how quickly will the industry adopt, and will the promise of both a better customer experience and reduced false declines bring more merchants into the fold? With the first live transactions expected in mid to late 2017, we’ll just have to wait and see.